[openstacksdk] create object (eg. snapshot) on behalf of user as admin

Benedikt Trefzer benedikt.trefzer at cirrax.com
Wed Feb 9 21:30:34 UTC 2022 

I still have only the default domain so admin is in same domain as the 
project. The admin user is the main admin (it has the admin role). The 
configuration is loaded through environment variables, so no cloud.yaml 
file.

Yes I think I have to somehow connect to the destination project but 
with the credentials of the admin (which is only member of another 
project).
I assumed connect_as_project is the solution, but this is not working as 
expected (actually I do not understand what it is for ! or what 
configuration it expects to work (does it expect to have a member role 
in the destination project ?).

I just tried to get a token as admin and use it for authorization in the 
customers project. But no success yet.

Another approach I did not yet try is use a trust (but, if I understand 
correctly, I have to establish the trust as user of destination project 
first)

Well and the last thing would be to add the admin user as project member 
and remove it after work is done. But I like to avoid that solution.

Benedikt



On 09.02.22 20:32, Artem Goncharov wrote:
> Please provide details whether you mean overall OpenStack admin user or 
> your domain admin user. I assume it would be necessary to connect as 
> destination project, but here exactly it is necessary to do this 
> carefully. You may also share you clouds.yaml (of course without 
> passwords), this will help to eventually notice the problem.
> 
> Also important to know whether you initially connect as admin in the 
> same domain or user project belongs to other domain.
> 
> Artem
> 
> ----
> typed from mobile, auto-correct typos assumed
> ----
> 
> On Wed, Feb 9, 2022, 15:49 Benedikt Trefzer <benedikt.trefzer at cirrax.com 
> <mailto:benedikt.trefzer at cirrax.com>> wrote:
> 
> 
>     Hi list
> 
>     I like to connect as an amin user to an openstack cloud and create a
>     snapshot of a volume in the same project as the volume exists.
> 
>     I use the openstacksdk to achive this in python.
>     So far I can connect as admin and create the snapshot but the
>     snapshot is in the admins project, not in the project of the volume.
> 
>     Code so far:
> 
>     from openstack import connect
>     import openstack.config
> 
>     conn=connect()
> 
>     conn.volume.create_snapshot(name='test', description='testing',
>     volume='volumeIDinANYproject')
> 
>     I tried to use
>     conn.connect_as_project('ProjectID')
> 
>     but was not successfull.
> 
>     Please direct me in the correct direction to achive this ! Any help
>     appreciated.
> 
>     Greeting
> 
>     Benedikt
>

More information about the openstack-discuss mailing list