projects / osm / NBI.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 32bab47)
bug when migrating from old user format containing project instead project_role_mappings 69/7969/1
authortierno <alfonso.tiernosepulveda@telefonica.com>
Tue, 3 Sep 2019 14:58:09 +0000 (14:58 +0000)
committertierno <alfonso.tiernosepulveda@telefonica.com>
Fri, 20 Sep 2019 12:38:28 +0000 (12:38 +0000)
Change-Id: I9cb853b2eecef2c69661e85f4bbba4b153811559
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>
osm_nbi/auth.py patch | blob | history

diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index 3047c9f..36b6dc5 100644 (file)
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -257,13 +257,31 @@ class Authenticator:
 
         # Create admin project&user if required
         pid = self.create_admin_project()
-        self.create_admin_user(pid)
+        user_id = self.create_admin_user(pid)
 
-        # self.backend.update_user({"_id": "admin",
-        #                           "add_project_role_mappings": {"project": "admin", "role": "system_admin"}})
-        if self.config["authentication"]["backend"] == "keystone":
+        # try to assign system_admin role to user admin if not any user has this role
+        if not user_id:
             try:
-                self.backend.assign_role_to_user("admin", "admin", "system_admin")
+                users = self.backend.get_user_list()
+                roles = self.backend.get_role_list({"name": "system_admin"})
+                role_id = roles[0]["_id"]
+                user_with_system_admin = False
+                user_admin_id = None
+                for user in users:
+                    if not user_admin_id:
+                        user_admin_id = user["_id"]
+                    if user["username"] == "admin":
+                        user_admin_id = user["_id"]
+                    for prm in user.get("project_role_mappings", ()):
+                        if prm["role"] == role_id:
+                            user_with_system_admin = True
+                            break
+                    if user_with_system_admin:
+                        break
+                if not user_with_system_admin:
+                    self.backend.update_user({"_id": user_admin_id,
+                                              "add_project_role_mappings": [{"project": pid, "role": role_id}]})
+                    self.logger.info("Added role system admin to user='{}' project=admin".format(user_admin_id))
             except Exception:
                 pass