- roles_for_user = \
- {role.name: role for role in
- self.keystone.roles.roles_for_user(user, tenant=project)}
- if role_name not in roles_for_user:
- self.keystone.roles.add_user_role(user, role, tenant=project)
+ try:
+ self.keystone.roles.check(role, user=user, project=project)
+ self.log.info('Already grant a role:%s to user: %s on'
+ ' project: %s'
+ % (role_name, user_name,
+ self.conf.doctor_project))
+ except ks_exceptions.NotFound:
+ self.keystone.roles.grant(role, user=user, project=project)