Fix Bug 870: Getting unauthorized when using keystone as back-end for NBI 52/8452/2
authordelacruzramo <pedro.delacruzramos@altran.com>
Thu, 26 Dec 2019 10:09:04 +0000 (10:09 +0000)
committerdelacruzramo <pedro.delacruzramos@altran.com>
Wed, 15 Jan 2020 15:50:46 +0000 (16:50 +0100)
Change-Id: I085be0f780388aed0d269c298c17ceb960fa14cc
Signed-off-by: delacruzramo <pedro.delacruzramos@altran.com>
osm_nbi/auth.py
osm_nbi/authconn_keystone.py

index dc3d386..023d286 100644 (file)
@@ -282,8 +282,8 @@ class Authenticator:
                     self.backend.update_user({"_id": user_admin_id,
                                               "add_project_role_mappings": [{"project": pid, "role": role_id}]})
                     self.logger.info("Added role system admin to user='{}' project=admin".format(user_admin_id))
-            except Exception:
-                pass
+            except Exception as e:
+                self.logger.error("Error in Authorization DataBase initialization: {}: {}".format(type(e).__name__, e))
 
         self.load_operation_to_allowed_roles()
 
index f32cfe9..ebd7654 100644 (file)
@@ -251,8 +251,9 @@ class AuthconnKeystone(Authconn):
             user_id = user_obj.id
             if user_info.get("password") or user_info.get("username") \
                     or user_info.get("add_project_role_mappings") or user_info.get("remove_project_role_mappings"):
+                ctime = user_obj._admin.get("created", 0) if hasattr(user_obj, "_admin") else 0
                 self.keystone.users.update(user_id, password=user_info.get("password"), name=user_info.get("username"),
-                                           _admin={"created": user_obj._admin["created"], "modified": time.time()})
+                                           _admin={"created": ctime, "modified": time.time()})
             for mapping in user_info.get("remove_project_role_mappings", []):
                 self.remove_role_from_user(user_id, mapping["project"], mapping["role"])
             for mapping in user_info.get("add_project_role_mappings", []):