from keystoneauth1.identity import v2
from keystoneauth1.identity import v3
from keystoneauth1 import session
-from keystoneclient import client
-from keystoneclient import utils
-from log import LOG
+from .log import LOG
class Credentials(object):
self.rc_password = ""
# check if user has admin role in OpenStack project
+ filter = {'service_type': 'identity',
+ 'interface': 'public',
+ 'region_name': self.rc_region_name}
try:
- keystone = client.Client(session=self.get_session())
- user = utils.find_resource(keystone.users, self.rc_username)
- project = utils.find_resource(keystone.projects, self.rc_project_name)
- roles = keystone.roles.list(user=user.id, project=project.id)
- for role in roles:
- if role.name == 'admin':
- self.is_admin = True
- except Exception:
- LOG.warning("User is not admin, no permission to list user roles")
+ # /users URL returns exception (HTTP 403) if user is not admin.
+ # try first without the version in case session already has it in
+ # Return HTTP 200 if user is admin
+ self.get_session().get('/users', endpoint_filter=filter)
+ self.is_admin = True
+ except Exception as e:
+ try:
+ # vX/users URL returns exception (HTTP 403) if user is not admin.
+ self.get_session().get('/v' + str(self.rc_identity_api_version) + '/users',
+ endpoint_filter=filter)
+ self.is_admin = True
+ except Exception as e:
+ LOG.warning("User is not admin, no permission to list user roles. Exception: %s", e)