NFVBENCH-141 Fix Openstack user admin role check

Change-Id: Icfd6c6c4755ae79f9cd383afa5e8c369a3eeb840 Signed-off-by: fmenguy <francoisregis.menguy@orange.com>
author: fmenguy <francoisregis.menguy@orange.com> 2019-07-05 11:41:32 +0200
committer: fmenguy <francoisregis.menguy@orange.com> 2019-07-05 11:41:32 +0200
commit: c1079b7ef2495f1907a5010d59dcec98744275d0 (patch)
tree: 3237aa041073291b5286d228fa5edc4523edca5c
parent: 09252752f7dc65af155146981c65bc1a5d23195f (diff)
1 files changed, 9 insertions, 15 deletions
diff --git a/nfvbench/credentials.py b/nfvbench/credentials.py
index 17811f9..3a18981 100644
--- a/nfvbench/credentials.py
+++ b/nfvbench/credentials.py
@@ -21,8 +21,6 @@ import getpass
 from keystoneauth1.identity import v2
 from keystoneauth1.identity import v3
 from keystoneauth1 import session
-from keystoneclient import client
-from keystoneclient import utils
 from log import LOG
 
 
@@ -170,16 +168,12 @@ class Credentials(object):
 
         # check if user has admin role in OpenStack project
         try:
-            keystone = client.Client(session=self.get_session())
-            user = utils.find_resource(keystone.users, self.rc_username)
-            if self.rc_identity_api_version == 2:
-                tenant = utils.find_resource(keystone.tenants, self.rc_tenant_name)
-                roles = keystone.roles.roles_for_user(user, tenant=tenant.id)
-            elif self.rc_identity_api_version == 3:
-                project = utils.find_resource(keystone.projects, self.rc_project_name)
-                roles = keystone.roles.list(user=user.id, project=project.id)
-            for role in roles:
-                if role.name == 'admin':
-                    self.is_admin = True
-        except Exception:
-            LOG.warning("User is not admin, no permission to list user roles")
+            # vX/users URL returns exception (HTTP 403) if user is not admin.
+            # Return HTTP 200 if user is admin
+            self.get_session().get('/v' + str(self.rc_identity_api_version) + '/users',
+                                   endpoint_filter={'service_type': 'identity',
+                                                    'interface': 'public',
+                                                    'region_name': self.rc_region_name})
+            self.is_admin = True
+        except Exception as e:
+            LOG.warning("User is not admin, no permission to list user roles. Exception: %s", e)
author	fmenguy <francoisregis.menguy@orange.com>	2019-07-05 11:41:32 +0200
committer	fmenguy <francoisregis.menguy@orange.com>	2019-07-05 11:41:32 +0200
commit	c1079b7ef2495f1907a5010d59dcec98744275d0 (patch)
tree	3237aa041073291b5286d228fa5edc4523edca5c
parent	09252752f7dc65af155146981c65bc1a5d23195f (diff)