On 10. May 2021, at 18:47, dmeng <dmeng@uvic.ca> wrote:

Good morning,

Thanks for replying back to me. I tried to use the fine_user to get the user id by username, but it seems like not all the user can use the find_user method.

If I do: find_user = conn.identity.find_user(name_or_id='catherine'), it will show me that "You are not authorized to perform the requested action: identity:get_user".

If I do: find_user = conn.identity.find_user(name_or_id='my_user_Id'), then it works fine.

But I would like to use the username to find the user and get the id, so I'm not sure why in this case find_user only work with id not name.

Depending on the configuration of your Keystone (what is already a default) and the account privileges you use (admin, domain_admin, token scope) you may be allowed or not allowed to search/list another users. Normally this is only possible in the domain scope, so maybe you would need to use account with more powers.

Thanks and have a great day!

Catherine

On 2021-05-08 03:01, Artem Goncharov wrote:

Hi

We are wondering if we could use the user name to get it instead of the user id? If I do get_application_credential(user='catherine', application_credential = 'app_cred_id'), then it will show me an error that "You are not authorized to perform the requested action: identity:get_application_credential". Is there any method that no need user info, can just use the application credential id to get the expiration date? We also didn't find any documentation about the application credential in openstacksdk identity service docs.

You can use:

user = conn.identity.find_user(name_or_id = 'my_user')

ac = conn.identity.find_application_credential(user=user, name_or_id='app_cred')

Regards,

Artem