# under the License.
#
+import os
+import re
+
# Module for credentials in Openstack
import getpass
from keystoneauth1.identity import v2
from keystoneauth1.identity import v3
from keystoneauth1 import session
-import os
-import re
-
-from log import LOG
+from .log import LOG
class Credentials(object):
self.rc_project_domain_name = None
self.rc_project_name = None
self.rc_identity_api_version = 2
+ self.is_admin = False
success = True
if openrc_file:
self.rc_username = os.environ['OS_USERNAME']
self.rc_auth_url = os.environ['OS_AUTH_URL']
self.rc_project_name = os.environ['OS_PROJECT_NAME']
- self.rc_project_domain_id = os.environ['OS_PROJECT_DOMAIN_NAME']
- self.rc_user_domain_id = os.environ['OS_USER_DOMAIN_NAME']
+ self.rc_project_domain_name = os.environ['OS_PROJECT_DOMAIN_NAME']
+ self.rc_user_domain_name = os.environ['OS_USER_DOMAIN_NAME']
if 'OS_CACERT' in os.environ:
self.rc_cacert = os.environ['OS_CACERT']
'Please enter your OpenStack Password: ')
if not self.rc_password:
self.rc_password = ""
+
+ # check if user has admin role in OpenStack project
+ filter = {'service_type': 'identity',
+ 'interface': 'public',
+ 'region_name': self.rc_region_name}
+ try:
+ # /users URL returns exception (HTTP 403) if user is not admin.
+ # try first without the version in case session already has it in
+ # Return HTTP 200 if user is admin
+ self.get_session().get('/users', endpoint_filter=filter)
+ self.is_admin = True
+ except Exception:
+ try:
+ # vX/users URL returns exception (HTTP 403) if user is not admin.
+ self.get_session().get('/v' + str(self.rc_identity_api_version) + '/users',
+ endpoint_filter=filter)
+ self.is_admin = True
+ except Exception as e:
+ LOG.warning("User is not admin, no permission to list user roles. Exception: %s", e)