Ask Your Question
0

Python-KeystoneClient add_user_role successful but not visible to keystone user-role-list

asked 2015-08-07 10:07:32 -0500

PeterTr7 gravatar image

I'm experiencing something weird with adding roles to users with https://github.com/openstack/python-keystoneclient (python-keystoneclient) (v2).

I seem to be succcesful in executing https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/roles.py#L58 (add_user_role).

However when I attempted to use keystone user-role-list --user pete it only has the default "_member_" role. If I delete the user and recreate it and add the role again, it says "User pete already has role X in tenant Y". Still, keystone user-role-list does not list any other role.

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2015-08-07 10:59:20 -0500

IMO, that v2.0 API is not correct There is nothing called user-role-list. It is always user-role-list for a tenant. So you should add a role to a (user,tenant) pair and list the user's role on a tenant.

edit flag offensive delete link more

Comments

When I call add_user_role I specify the tenant. Are you suggesting I run keystone user-role-list --user pete --tenant tenantname? Is there another more explicit was to list a user's role on a specific tenant?

Thank you for your quick response! Much appreciated!

PeterTr7 gravatar imagePeterTr7 ( 2015-08-07 11:11:16 -0500 )edit
0

answered 2015-08-09 03:36:42 -0500

RAHUL1603 gravatar image

Hi,

Please check if keystone logs give any kind of error while you are doing the keystone user-role-add. Moreover what ever role you are assigning that should exist, please check that.

At the worst you may require to delete the database keystone and recreate it all over again.

Regards Rahul Singh

edit flag offensive delete link more
0

answered 2015-08-10 15:28:13 -0500

PeterTr7 gravatar image

Originally, I called add_user_role from a https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/roles.py#L29 (RoleManager) that I got from https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/users.py#L34 (UserManager) by doing something like this:

keystone_client = keystoneclient.v2_0.client.Client(
        username=user, password=password, tenant_name=tenant_name, auth_url=url)
keystone_usermanager = keystone_client.users
role_manager = keystone_usermanager.role_manager

I had a look at how Horizon did it with their https://github.com/openstack/horizon/blob/master/openstack_dashboard/api/keystone.py#L613 (add_tenant_user_role function).

It turns out they use the RoleManager object directly from the keystone client object. So instead of the above code, I did the following and it worked:

keystone_client = keystoneclient.v2_0.client.Client(
        username=user, password=password, tenant_name=tenant_name,
        auth_url=url)
role_manager = keystone_client.roles
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-08-07 10:07:32 -0500

Seen: 146 times

Last updated: Aug 10 '15