X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauth.py;h=36b6dc54236280532ad3fa3868086920b22459c1;hp=3047c9fb367268a2ea66c7b38547b2d27454ceea;hb=9ebbf855f902fb7a9864427a364fb102ce792fc0;hpb=9c63011a8f3ff8f42ad90359323606b9aa9f2e7a diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py index 3047c9f..36b6dc5 100644 --- a/osm_nbi/auth.py +++ b/osm_nbi/auth.py @@ -257,13 +257,31 @@ class Authenticator: # Create admin project&user if required pid = self.create_admin_project() - self.create_admin_user(pid) + user_id = self.create_admin_user(pid) - # self.backend.update_user({"_id": "admin", - # "add_project_role_mappings": {"project": "admin", "role": "system_admin"}}) - if self.config["authentication"]["backend"] == "keystone": + # try to assign system_admin role to user admin if not any user has this role + if not user_id: try: - self.backend.assign_role_to_user("admin", "admin", "system_admin") + users = self.backend.get_user_list() + roles = self.backend.get_role_list({"name": "system_admin"}) + role_id = roles[0]["_id"] + user_with_system_admin = False + user_admin_id = None + for user in users: + if not user_admin_id: + user_admin_id = user["_id"] + if user["username"] == "admin": + user_admin_id = user["_id"] + for prm in user.get("project_role_mappings", ()): + if prm["role"] == role_id: + user_with_system_admin = True + break + if user_with_system_admin: + break + if not user_with_system_admin: + self.backend.update_user({"_id": user_admin_id, + "add_project_role_mappings": [{"project": pid, "role": role_id}]}) + self.logger.info("Added role system admin to user='{}' project=admin".format(user_admin_id)) except Exception: pass