def main():
    """Command-line entry point: set a XACML policy on a role.

    Reads eleven positional arguments from ``sys.argv`` (Keystone endpoint,
    service, service admin credentials, role name, policy file name and
    Keypass endpoint), builds a ``Roles`` flow and calls ``setPolicyRole``.
    When fewer arguments are given, the usage text is printed and the
    function returns without contacting any service.

    NOTE(review): the service admin password is a positional argument, so
    it is visible in the host's process listing and usually ends up in
    shell history. The usage example also selects ``http``; presumably the
    credentials then travel unencrypted -- confirm and prefer ``https``.
    """
    print("This script set a XACML policy to a role in Access Control")
    print("")

    script_name = sys.argv[0]
    expected_args = 11
    supplied = sys.argv[1:]

    if len(supplied) < expected_args:
        usage_lines = [
            "Usage: %s [args]" % script_name,
            "Args: ",
            " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
            " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
            " <KEYSTONE_PORT> Keystone PORT",
            " <SERVICE_NAME> Service name",
            " <SERVICE_ADMIN_USER> Service admin username",
            " <SERVICE_ADMIN_PASSWORD> Service admin password",
            " <ROLE_NAME> Name of role",
            " <POLICY_FILE> Policy XACML file name",
            " <KEYPASS_PROTOCOL> HTTP or HTTPS",
            " <KEYPASS_HOST> Keypass (or PEPProxy) HOSTNAME or IP",
            " <KEYPASS_PORT> Keypass (or PEPProxy) PORT",
            "",
            " Typical usage:",
            " %s http \\" % script_name,
            " localhost \\",
            " 5000 \\",
            " smartcity \\",
            " adm1 \\",
            " password \\",
            " ServiceCustomer\\",
            " mypolicy.xml \\",
            " http \\",
            " localhost \\",
            " 8080 \\",
            "",
            "For bug reporting, please contact with:",
            "<*****@*****.**>",
        ]
        for usage_line in usage_lines:
            print(usage_line)
        return

    # Positional layout matches the usage text above; extra arguments are
    # ignored.
    (keystone_protocol, keystone_host, keystone_port,
     service_name, admin_user, admin_password,
     role_name, policy_file_name,
     keypass_protocol, keypass_host, keypass_port) = supplied[:expected_args]

    flow = Roles(keystone_protocol, keystone_host, keystone_port,
                 keypass_protocol, keypass_host, keypass_port)
    # The None arguments fill positional parameters this script does not
    # supply; whatever setPolicyRole returns is discarded.
    flow.setPolicyRole(service_name,
                       None,
                       admin_user,
                       admin_password,
                       None,
                       role_name,
                       None,
                       policy_file_name)
def main():
    """Command-line entry point: assign a role to a service group.

    Takes eight positional arguments from ``sys.argv`` (Keystone endpoint,
    service name, service admin credentials, role name and group name),
    creates a ``Roles`` flow and calls ``assignRoleServiceGroup``. With
    fewer arguments it only prints the usage text and returns.

    NOTE(review): the admin password arrives as a command-line argument
    and is therefore readable from the process listing and shell history
    of the host running the script.
    """
    print("This script assigns a role to a service group IoT keystone")
    print("")

    script_name = sys.argv[0]
    expected_args = 8
    supplied = sys.argv[1:]

    if len(supplied) < expected_args:
        for usage_line in (
                "Usage: %s [args]" % script_name,
                "Args: ",
                " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
                " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
                " <KEYSTONE_PORT> Keystone PORT",
                " <SERVICE_NAME> Service name",
                " <SERVICE_ADMIN_USER> Service admin username",
                " <SERVICE_ADMIN_PASSWORD> Service admin password",
                " <ROLE_NAME> Name of role",
                " <SERVICE_GROUP> Service group name",
                "",
                " Typical usage:",
                " %s http \\" % script_name,
                " localhost \\",
                " 5000 \\",
                " smartcity \\",
                " adm1 \\",
                " password \\",
                " ServiceCustomer\\",
                " ServiceCustomerGroup\\",
                "",
                "For bug reporting, please contact with:",
                "<*****@*****.**>"):
            print(usage_line)
        return

    # Only the first eight arguments are consumed; any extras are ignored.
    (keystone_protocol, keystone_host, keystone_port,
     service_name, admin_user, admin_password,
     role_name, service_group) = supplied[:expected_args]

    flow = Roles(keystone_protocol, keystone_host, keystone_port)
    # None fills the positional parameters this script does not supply;
    # the call's return value is not inspected.
    flow.assignRoleServiceGroup(service_name,
                                None,
                                admin_user,
                                admin_password,
                                None,
                                role_name,
                                None,
                                service_group,
                                None)
def main():
    """Command-line entry point: print role assignments for a subservice.

    Takes eight positional arguments from ``sys.argv`` (Keystone endpoint,
    service name, service admin credentials, subservice name and the
    ``EFFECTIVE`` flag), calls ``Roles.roles_assignments`` and
    pretty-prints the first element of the returned triple. With fewer
    arguments it only prints the usage text and returns.

    NOTE(review): the admin password is passed on the command line, which
    exposes it through the process listing and shell history.
    """
    print("This script prints user roles assignments in a service")
    print("")

    script_name = sys.argv[0]
    expected_args = 8
    supplied = sys.argv[1:]

    if len(supplied) < expected_args:
        # The ROLE_NAME and USER_NAME filters are disabled in this variant,
        # so they are not advertised in the usage text.
        usage_lines = [
            "Usage: %s [args]" % script_name,
            "Args: ",
            " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
            " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
            " <KEYSTONE_PORT> Keystone PORT",
            " <SERVICE_NAME> Service name",
            " <SERVICE_ADMIN_USER> Service admin username",
            " <SERVICE_ADMIN_PASSWORD> Service admin password",
            " <SUBSERVICE_NAME> SubService name",
            " <EFFECTIVE> Effective roles: True or False",
            "",
            " Typical usage:",
            " %s http \\" % script_name,
            " localhost \\",
            " 5000 \\",
            " smartcity \\",
            " adm1 \\",
            " password \\",
            " Electricidad \\",
            " True \\",
            "",
            "For bug reporting, please contact with:",
            "<*****@*****.**>",
        ]
        for usage_line in usage_lines:
            print(usage_line)
        return

    (keystone_protocol, keystone_host, keystone_port,
     service_name, admin_user, admin_password,
     subservice_name_arg, effective_arg) = supplied[:expected_args]
    # Only these three spellings enable the flag; anything else is False.
    effective = effective_arg in ["True", "true", "TRUE"]

    flow = Roles(keystone_protocol, keystone_host, keystone_port)
    # None fills the positional parameters this script does not supply.
    result = flow.roles_assignments(None,
                                    service_name,
                                    None,
                                    subservice_name_arg,
                                    None,
                                    None,
                                    None,
                                    None,
                                    admin_user,
                                    admin_password,
                                    None,
                                    effective)
    # The flow is expected to hand back a 3-tuple; only the first element
    # is shown.
    roles, _service_name, _subservice_name = result
    pprint.pprint(roles)
def main():
    """Command-line entry point: remove a role from a service.

    Takes seven positional arguments from ``sys.argv`` (Keystone endpoint,
    service name, role name and service admin credentials), calls
    ``Roles.removeRole`` and pretty-prints the first element of the
    returned triple. With fewer arguments it only prints the usage text
    and returns.

    NOTE(review): the admin password is the last command-line argument,
    so it is visible in the process listing and shell history.
    """
    print("This script removes a Role Service (aka keystone domain) in IoT Platform")
    print("")

    script_name = sys.argv[0]
    expected_args = 7
    supplied = sys.argv[1:]

    if len(supplied) < expected_args:
        usage_lines = [
            "Usage: %s [args]" % script_name,
            "Args: ",
            " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
            " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
            " <KEYSTONE_PORT> Keystone PORT",
            " <SERVICE_NAME> Service name",
            " <ROLE_NAME> Role name",
            " <SERVICE_ADMIN_USER> Service Admin username",
            " <SERVICE_ADMIN_PASSWORD> Service Admin password",
            "",
            " Typical usage:",
            " %s http \\" % script_name,
            " localhost \\",
            " 5000 \\",
            " smartcity \\",
            " SubServiceCustomer\\",
            " adm1 \\",
            " password \\",
            "",
            "For bug reporting, please contact with:",
            "<*****@*****.**>",
        ]
        for usage_line in usage_lines:
            print(usage_line)
        return

    # Unlike the sibling scripts, the role name comes before the
    # credentials here.
    (keystone_protocol, keystone_host, keystone_port,
     service_name, role_name,
     admin_user, admin_password) = supplied[:expected_args]

    flow = Roles(keystone_protocol, keystone_host, keystone_port)
    # None fills the positional parameters this script does not supply.
    result = flow.removeRole(service_name,
                             None,
                             admin_user,
                             admin_password,
                             None,
                             role_name,
                             None)
    role_detail, _service_name, _subservice_name = result
    pprint.pprint(role_detail)
def main():
    """Command-line entry point: print the roles defined in a service.

    Takes six positional arguments from ``sys.argv`` (Keystone endpoint,
    service name and service admin credentials), calls ``Roles.roles`` and
    pretty-prints the first element of the returned triple. With fewer
    arguments it only prints the usage text and returns.

    NOTE(review): the admin password is passed on the command line, which
    exposes it through the process listing and shell history.
    """
    print("This script prints roles in a service")
    print("")

    script_name = sys.argv[0]
    expected_args = 6
    supplied = sys.argv[1:]

    if len(supplied) < expected_args:
        usage_lines = [
            "Usage: %s [args]" % script_name,
            "Args: ",
            " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
            " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
            " <KEYSTONE_PORT> Keystone PORT",
            " <SERVICE_NAME> Service name",
            " <SERVICE_ADMIN_USER> Service admin username",
            " <SERVICE_ADMIN_PASSWORD> Service admin password",
            "",
            " Typical usage:",
            " %s http \\" % script_name,
            " localhost \\",
            " 5000 \\",
            " smartcity \\",
            " adm1 \\",
            " password \\",
            "",
            "For bug reporting, please contact with:",
            "<*****@*****.**>",
        ]
        for usage_line in usage_lines:
            print(usage_line)
        return

    (keystone_protocol, keystone_host, keystone_port,
     service_name, admin_user, admin_password) = supplied[:expected_args]

    flow = Roles(keystone_protocol, keystone_host, keystone_port)
    # None fills the positional parameters this script does not supply.
    result = flow.roles(service_name,
                        None,
                        admin_user,
                        admin_password,
                        None,
                        None,
                        None)
    roles, _service_name, _subservice_name = result
    pprint.pprint(roles)
def main():
    """Command-line entry point: list the roles of a service.

    Expects six positional arguments in ``sys.argv``: the Keystone
    protocol, host and port, the service name, and the service admin user
    and password. It calls ``Roles.roles`` and pretty-prints the first
    element of the triple that call returns. When arguments are missing,
    only the usage text is printed.

    NOTE(review): passing the admin password as an argument leaves it
    readable in the process listing and in shell history.
    """
    print("This script prints roles in a service")
    print("")

    script_name = sys.argv[0]
    expected_args = 6
    cli_args = sys.argv[1:]

    if len(cli_args) < expected_args:
        for usage_line in (
                "Usage: %s [args]" % script_name,
                "Args: ",
                " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
                " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
                " <KEYSTONE_PORT> Keystone PORT",
                " <SERVICE_NAME> Service name",
                " <SERVICE_ADMIN_USER> Service admin username",
                " <SERVICE_ADMIN_PASSWORD> Service admin password",
                "",
                " Typical usage:",
                " %s http \\" % script_name,
                " localhost \\",
                " 5000 \\",
                " smartcity \\",
                " adm1 \\",
                " password \\",
                "",
                "For bug reporting, please contact with:",
                "<*****@*****.**>"):
            print(usage_line)
        return

    keystone_protocol, keystone_host, keystone_port = cli_args[0:3]
    service_name, admin_user, admin_password = cli_args[3:6]

    flow = Roles(keystone_protocol, keystone_host, keystone_port)
    # None fills the positional parameters this script does not supply.
    roles, _service_name, _subservice_name = flow.roles(
        service_name, None, admin_user, admin_password, None, None, None)
    pprint.pprint(roles)
def main():
    """Command-line entry point: print role assignments for one user.

    Takes eight positional arguments from ``sys.argv`` (Keystone endpoint,
    service name, service admin credentials, user name and the
    ``EFFECTIVE`` flag), calls ``Roles.roles_assignments`` and
    pretty-prints the first element of the returned triple. With fewer
    arguments it only prints the usage text and returns.

    NOTE(review): the admin password is passed on the command line, which
    exposes it through the process listing and shell history.
    """
    print("This script prints user roles assignments in a service")
    print("")

    script_name = sys.argv[0]
    expected_args = 8
    supplied = sys.argv[1:]

    if len(supplied) < expected_args:
        # The SUBSERVICE_NAME and ROLE_NAME filters are disabled in this
        # variant, so they are not advertised in the usage text.
        usage_lines = [
            "Usage: %s [args]" % script_name,
            "Args: ",
            " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
            " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
            " <KEYSTONE_PORT> Keystone PORT",
            " <SERVICE_NAME> Service name",
            " <SERVICE_ADMIN_USER> Service admin username",
            " <SERVICE_ADMIN_PASSWORD> Service admin password",
            " <USER_NAME> User Name",
            " <EFFECTIVE> Effective roles: True or False",
            "",
            " Typical usage:",
            " %s http \\" % script_name,
            " localhost \\",
            " 5000 \\",
            " smartcity \\",
            " adm1 \\",
            " password \\",
            " Alice \\",
            " True \\",
            "",
            "For bug reporting, please contact with:",
            "<*****@*****.**>",
        ]
        for usage_line in usage_lines:
            print(usage_line)
        return

    (keystone_protocol, keystone_host, keystone_port,
     service_name, admin_user, admin_password,
     user_name, effective_arg) = supplied[:expected_args]
    # Only these three spellings enable the flag; anything else is False.
    effective = effective_arg in ["True", "true", "TRUE"]

    flow = Roles(keystone_protocol, keystone_host, keystone_port)
    # None fills the positional parameters this script does not supply.
    result = flow.roles_assignments(None,
                                    service_name,
                                    None,
                                    None,
                                    None,
                                    None,
                                    None,
                                    user_name,
                                    admin_user,
                                    admin_password,
                                    None,
                                    effective)
    roles, _service_name, _subservice_name = result
    pprint.pprint(roles)
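def getDomainRolePolicies(self,
                          SERVICE_ID,
                          SERVICE_NAME,
                          SERVICE_ADMIN_USER,
                          SERVICE_ADMIN_PASSWORD,
                          SERVICE_ADMIN_TOKEN,
                          ROLE_NAME,
                          ROLE_ID):
    '''Get domain role policies

    Resolves an admin token, the service name and the role id when they
    are not supplied, checks that the token is admin in the service and
    then asks Access Control for the role's policies.

    In case of HTTP error, return HTTP error

    Params:
    - SERVICE_ID: Service Id
    - SERVICE_NAME: Service Name
    - SERVICE_ADMIN_USER: Service admin username
    - SERVICE_ADMIN_PASSWORD: Service admin password
    - SERVICE_ADMIN_TOKEN: Service admin token
    - ROLE_NAME: Role Name
    - ROLE_ID: Role Id
    Return:
    - XACML policies, or the error code built by composeErrorCode when
      any step raises
    '''
    data_log = {
        "SERVICE_ID": "%s" % SERVICE_ID,
        "SERVICE_NAME": "%s" % SERVICE_NAME,
        # The literal needs a conversion specifier: applying "%" to a
        # format string without one raises TypeError before the try block
        # is even entered.
        "SERVICE_ADMIN_USER": "%s" % SERVICE_ADMIN_USER,
        # Credentials never belong in a log line; emit a fixed mask and do
        # not format the password at all.
        "SERVICE_ADMIN_PASSWORD": "***",
        # NOTE(review): get_extended_token is not visible here; confirm
        # its result is safe to write to the debug log.
        "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
        "ROLE_NAME": "%s" % ROLE_NAME,
        "ROLE_ID": "%s" % ROLE_ID,
    }
    self.logger.debug("FLOW get_domain_role_policies invoked with: %s" %
                      json.dumps(data_log, indent=3))

    try:
        if not SERVICE_ADMIN_TOKEN:
            # No token supplied: authenticate with user and password,
            # scoped by service name or by service id.
            if not SERVICE_ID:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(
                    SERVICE_NAME,
                    SERVICE_ADMIN_USER,
                    SERVICE_ADMIN_PASSWORD)
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)
            else:
                SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                    SERVICE_ID,
                    SERVICE_ADMIN_USER,
                    SERVICE_ADMIN_PASSWORD)
        # NOTE(review): this writes the admin token itself to the debug
        # log; anyone able to read that log can reuse the token while it
        # is valid. Confirm debug logs are access-controlled, or log only
        # that a token was obtained.
        self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

        # Ensure SERVICE_NAME
        SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                SERVICE_ID,
                                                SERVICE_NAME)
        self.logger.addFilter(ContextFilterService(SERVICE_NAME))
        self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

        # Get Role ID
        if not ROLE_ID and ROLE_NAME:
            if ROLE_NAME == "Admin":
                # "Admin" is resolved through the admin user's own role
                # assignments instead of a domain role lookup.
                SERVICE_ADMIN_ID = self.idm.getUserId(
                    SERVICE_ADMIN_TOKEN, SERVICE_ADMIN_USER)
                # Get KEYSTONE CONF from base idm class
                roles_flow = Roles(self.idm.KEYSTONE_PROTOCOL,
                                   self.idm.KEYSTONE_HOST,
                                   self.idm.KEYSTONE_PORT)
                roles = roles_flow.roles_assignments(
                    SERVICE_ID,
                    None,
                    None,
                    None,
                    None,
                    None,
                    SERVICE_ADMIN_ID,
                    None,
                    None,
                    None,
                    SERVICE_ADMIN_TOKEN,
                    True)
                for role in roles['role_assignments']:
                    if role['role']['name'] == 'admin':
                        ROLE_ID = role['role']['id']
                        break
            else:
                ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
                                                   SERVICE_ID,
                                                   ROLE_NAME)
            self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID))

        # Get policies in Access Control; only an admin token may read
        # them.
        if self.idm.isTokenAdmin(SERVICE_ADMIN_TOKEN, SERVICE_ID):
            policies = self.ac.getRolePolicies(SERVICE_NAME,
                                               SERVICE_ADMIN_TOKEN,
                                               ROLE_ID)
            self.logger.debug("POLICIES=%s" % policies)
        else:
            raise Exception("not admin role found to perform this action")

    except Exception as ex:
        error_code = self.composeErrorCode(ex)
        self.logError(self.logger, error_code, ex)
        return error_code

    # The docstring promises the XACML policies; without this the success
    # path fell off the end and returned None.
    return policies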
def main():
    """Command-line entry point: attach a XACML policy file to a role.

    Expects eleven positional arguments in ``sys.argv``: the Keystone
    protocol, host and port; the service name; the service admin user and
    password; the role name; the policy file name; and the Keypass (or
    PEPProxy) protocol, host and port. A ``Roles`` flow is built from the
    two endpoints and ``setPolicyRole`` is called. When arguments are
    missing, only the usage text is printed.

    NOTE(review): passing the admin password as an argument leaves it
    readable in the process listing and in shell history. The usage
    example also selects ``http`` for both endpoints; presumably the
    credentials and policy then travel unencrypted -- confirm and prefer
    ``https``.
    """
    print("This script set a XACML policy to a role in Access Control")
    print("")

    script_name = sys.argv[0]
    expected_args = 11
    cli_args = sys.argv[1:]

    if len(cli_args) < expected_args:
        for usage_line in (
                "Usage: %s [args]" % script_name,
                "Args: ",
                " <KEYSTONE_PROTOCOL> HTTP or HTTPS",
                " <KEYSTONE_HOST> Keystone HOSTNAME or IP",
                " <KEYSTONE_PORT> Keystone PORT",
                " <SERVICE_NAME> Service name",
                " <SERVICE_ADMIN_USER> Service admin username",
                " <SERVICE_ADMIN_PASSWORD> Service admin password",
                " <ROLE_NAME> Name of role",
                " <POLICY_FILE> Policy XACML file name",
                " <KEYPASS_PROTOCOL> HTTP or HTTPS",
                " <KEYPASS_HOST> Keypass (or PEPProxy) HOSTNAME or IP",
                " <KEYPASS_PORT> Keypass (or PEPProxy) PORT",
                "",
                " Typical usage:",
                " %s http \\" % script_name,
                " localhost \\",
                " 5000 \\",
                " smartcity \\",
                " adm1 \\",
                " password \\",
                " ServiceCustomer\\",
                " mypolicy.xml \\",
                " http \\",
                " localhost \\",
                " 8080 \\",
                "",
                "For bug reporting, please contact with:",
                "<*****@*****.**>"):
            print(usage_line)
        return

    keystone_endpoint = cli_args[0:3]
    service_name, admin_user, admin_password = cli_args[3:6]
    role_name, policy_file_name = cli_args[6:8]
    keypass_endpoint = cli_args[8:11]

    # Roles receives Keystone protocol/host/port followed by Keypass
    # protocol/host/port, in that order.
    flow = Roles(*(keystone_endpoint + keypass_endpoint))
    # None fills the positional parameters this script does not supply;
    # the result of setPolicyRole is not inspected.
    flow.setPolicyRole(service_name, None, admin_user, admin_password,
                       None, role_name, None, policy_file_name)
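def getDomainRolePolicies(self,
                          SERVICE_ID,
                          SERVICE_NAME,
                          SERVICE_ADMIN_USER,
                          SERVICE_ADMIN_PASSWORD,
                          SERVICE_ADMIN_TOKEN,
                          ROLE_NAME,
                          ROLE_ID):
    '''Get domain role policies

    Obtains an admin token when none is given, resolves the service name
    and the role id, verifies the token is admin in the service and reads
    the role's policies from Access Control.

    In case of HTTP error, return HTTP error

    Params:
    - SERVICE_ID: Service Id
    - SERVICE_NAME: Service Name
    - SERVICE_ADMIN_USER: Service admin username
    - SERVICE_ADMIN_PASSWORD: Service admin password
    - SERVICE_ADMIN_TOKEN: Service admin token
    - ROLE_NAME: Role Name
    - ROLE_ID: Role Id
    Return:
    - XACML policies, or the error code built by composeErrorCode when
      any step raises
    '''
    data_log = {
        "SERVICE_ID": "%s" % SERVICE_ID,
        "SERVICE_NAME": "%s" % SERVICE_NAME,
        # A format string without a conversion specifier makes "%" raise
        # TypeError, so the user name is formatted with "%s" like the
        # other fields.
        "SERVICE_ADMIN_USER": "%s" % SERVICE_ADMIN_USER,
        # The password is deliberately replaced by a fixed mask; it must
        # never reach the log.
        "SERVICE_ADMIN_PASSWORD": "***",
        # NOTE(review): get_extended_token is not visible here; confirm
        # its result is safe to write to the debug log.
        "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
        "ROLE_NAME": "%s" % ROLE_NAME,
        "ROLE_ID": "%s" % ROLE_ID,
    }
    self.logger.debug("FLOW get_domain_role_policies invoked with: %s" %
                      json.dumps(data_log, indent=3))

    try:
        if not SERVICE_ADMIN_TOKEN:
            # Authenticate with user and password, scoped by service name
            # when the id is unknown, otherwise by service id.
            if not SERVICE_ID:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(
                    SERVICE_NAME,
                    SERVICE_ADMIN_USER,
                    SERVICE_ADMIN_PASSWORD)
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)
            else:
                SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                    SERVICE_ID,
                    SERVICE_ADMIN_USER,
                    SERVICE_ADMIN_PASSWORD)
        # NOTE(review): the admin token is written verbatim to the debug
        # log; a reader of that log can reuse it while it is valid.
        # Confirm debug logs are access-controlled, or log only that a
        # token was obtained.
        self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

        # Ensure SERVICE_NAME
        SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                SERVICE_ID,
                                                SERVICE_NAME)
        self.logger.addFilter(ContextFilterService(SERVICE_NAME))
        self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

        # Get Role ID
        if not ROLE_ID and ROLE_NAME:
            if ROLE_NAME == "Admin":
                # "Admin" is looked up among the admin user's own role
                # assignments rather than as a domain role.
                SERVICE_ADMIN_ID = self.idm.getUserId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_ADMIN_USER)
                # Get KEYSTONE CONF from base idm class
                roles_flow = Roles(self.idm.KEYSTONE_PROTOCOL,
                                   self.idm.KEYSTONE_HOST,
                                   self.idm.KEYSTONE_PORT)
                roles = roles_flow.roles_assignments(SERVICE_ID,
                                                     None,
                                                     None,
                                                     None,
                                                     None,
                                                     None,
                                                     SERVICE_ADMIN_ID,
                                                     None,
                                                     None,
                                                     None,
                                                     SERVICE_ADMIN_TOKEN,
                                                     True)
                for role in roles['role_assignments']:
                    if role['role']['name'] == 'admin':
                        ROLE_ID = role['role']['id']
                        break
            else:
                ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
                                                   SERVICE_ID,
                                                   ROLE_NAME)
            self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID))

        # Get policies in Access Control; the token must be admin in the
        # service.
        if self.idm.isTokenAdmin(SERVICE_ADMIN_TOKEN, SERVICE_ID):
            policies = self.ac.getRolePolicies(SERVICE_NAME,
                                               SERVICE_ADMIN_TOKEN,
                                               ROLE_ID)
            self.logger.debug("POLICIES=%s" % policies)
        else:
            raise Exception("not admin role found to perform this action")

    except Exception as ex:
        error_code = self.composeErrorCode(ex)
        self.logError(self.logger, error_code, ex)
        return error_code

    # Hand the policies back as the docstring states; previously the
    # success path ended without a return and yielded None.
    return policies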