[openstack-dev] [Keystone] Listing Domain roles (or retrieving them by name)

Johannes Grassler jgrassler at suse.de
Tue Sep 20 08:15:40 UTC 2016


Hello,

is there a canonical way to either

* list roles in a given domain
* or retrieve a role from a given domain by name (preferred)

keystoneclient.v3.roles.RoleManager.list() does not appear to do the trick. While it takes a
`domain` argument, it only returns roles with a domain_id=None attribute but none of the roles
in the domain I specified. Also, it appears to be deprecated if this comment[0] in
python-openstackclient is anything to go by.

As for why I want to do this: I attempt to create the role in question and catch the Conflict exception
that happens if a role with that name exists already. To use that existing role I need its UUID though
(or a role object as keystoneclient.v3.roles.RoleManager.create() would have returned if it were successful).
The name does not help since I cannot use that for keystoneclient.v3.roles.RoleManager.grant(). Come to
think of it, a way to grant roles on a domain by name would also solve the problem...

Cheers,

Johannes

[0] https://github.com/openstack/python-openstackclient/blob/master/openstackclient/identity/v3/role.py#L241

-- 
Johannes Grassler, Cloud Developer
SUSE Linux GmbH, HRB 21284 (AG Nürnberg)
GF: Felix Imendörffer, Jane Smithard, Graham Norton
Maxfeldstr. 5, 90409 Nürnberg, Germany



More information about the OpenStack-dev mailing list