X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauth.py;h=d91618919f95f809abbcc7f6f1be1478aa09f83f;hp=fcebad4b8cd05732f85bd4709c7e5a4b4b735ed4;hb=126af57f9b2b09f1ab72c6a7f6dfce4e79d0480f;hpb=65ca36d13f895d0a361d59a5962029d6e3ef7a99

diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index fcebad4..d916189 100644
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -156,16 +156,15 @@ class Authenticator:
         # Note: it is faster to rewrite the value than to check if it is already there or not
         if self.config["authentication"]["backend"] == "internal":
             return
-        
+
         operations = []
         with open(self.resources_to_operations_file, "r") as stream:
             resources_to_operations_yaml = yaml.load(stream)
 
         for resource, operation in resources_to_operations_yaml["resources_to_operations"].items():
-            operation_key = operation.replace(".", ":")
-            if operation_key not in operations:
-                operations.append(operation_key)
-            self.resources_to_operations_mapping[resource] = operation_key
+            if operation not in operations:
+                operations.append(operation)
+            self.resources_to_operations_mapping[resource] = operation
 
         records = self.db.get_list("roles_operations")
 
@@ -194,19 +193,18 @@ class Authenticator:
                     if not isinstance(is_allowed, bool):
                         continue
 
-                    if operation == ".":
+                    if operation == ":":
                         root = is_allowed
                         continue
 
-                    if len(operation) != 1 and operation[-1] == ".":
-                        self.logger.warning("Invalid operation {0} terminated in '.'. "
+                    if len(operation) != 1 and operation[-1] == ":":
+                        self.logger.warning("Invalid operation {0} terminated in ':'. "
                                             "Operation will be discarded"
                                             .format(operation))
                         continue
 
-                    operation_key = operation.replace(".", ":")
-                    if operation_key not in role_ops.keys():
-                        role_ops[operation_key] = is_allowed
+                    if operation not in role_ops.keys():
+                        role_ops[operation] = is_allowed
                     else:
                         self.logger.info("In role {0}, the operation {1} with the value {2} was discarded due to "
                                          "repetition.".format(role_with_operations["role"], operation, is_allowed))
@@ -231,7 +229,12 @@ class Authenticator:
 
                 if self.config["authentication"]["backend"] != "internal" and \
                         role_with_operations["role"] != "anonymous":
-                    keystone_id = self.backend.create_role(role_with_operations["role"])
+                    keystone_id = [role for role in self.backend.get_role_list() 
+                                   if role["name"] == role_with_operations["role"]]
+                    if keystone_id:
+                        keystone_id = keystone_id[0]
+                    else:
+                        keystone_id = self.backend.create_role(role_with_operations["role"])
                     operation_to_roles_item["_id"] = keystone_id["_id"]
 
                 self.db.create("roles_operations", operation_to_roles_item)