+ user = user_info.get("_id") or user_info.get("username")
+ try:
+ user_obj = self.keystone.users.get(user)
+ except Exception:
+ user_obj = None
+ if not user_obj:
+ for user_domain in self.user_domain_name_list:
+ domain_id = self._get_domain_id(user_domain, fail_if_not_found=False)
+ if not domain_id:
+ continue
+ user_obj_list = self.keystone.users.list(name=user, domain=domain_id)
+ if user_obj_list:
+ user_obj = user_obj_list[0]
+ break
+ else: # user not found
+ raise AuthconnNotFoundException("User '{}' not found".format(user))
+
+ user_id = user_obj.id
+ domain_id = user_obj.domain_id
+ domain_name = self.domains_id2name.get(domain_id)
+
+ if domain_name in self.user_domain_ro_list:
+ if user_info.get("password") or user_info.get("username"):
+ raise AuthconnConflictException("Cannot update the user {} belonging to a read only domain {}".
+ format(user, domain_name))
+
+ elif user_info.get("password") or user_info.get("username") \
+ or user_info.get("add_project_role_mappings") or user_info.get("remove_project_role_mappings"):
+ # if user_index>0, it is an external domain, that should not be updated
+ ctime = user_obj._admin.get("created", 0) if hasattr(user_obj, "_admin") else 0
+ try:
+ self.keystone.users.update(user_id, password=user_info.get("password"),
+ name=user_info.get("username"),
+ _admin={"created": ctime, "modified": time.time()})
+ except Exception as e:
+ if user_info.get("username") or user_info.get("password"):
+ raise AuthconnOperationException("Error during username/password change: {}".format(str(e)))
+ self.logger.error("Error during updating user profile: {}".format(str(e)))
+
+ for mapping in user_info.get("remove_project_role_mappings", []):
+ self.remove_role_from_user(user_obj, mapping["project"], mapping["role"])
+ for mapping in user_info.get("add_project_role_mappings", []):
+ self.assign_role_to_user(user_obj, mapping["project"], mapping["role"])