[openstacksdk] create object (eg. snapshot) on behalf of user as admin
Hi list I like to connect as an amin user to an openstack cloud and create a snapshot of a volume in the same project as the volume exists. I use the openstacksdk to achive this in python. So far I can connect as admin and create the snapshot but the snapshot is in the admins project, not in the project of the volume. Code so far: from openstack import connect import openstack.config conn=connect() conn.volume.create_snapshot(name='test', description='testing', volume='volumeIDinANYproject') I tried to use conn.connect_as_project('ProjectID') but was not successfull. Please direct me in the correct direction to achive this ! Any help appreciated. Greeting Benedikt
Please provide details whether you mean overall OpenStack admin user or your domain admin user. I assume it would be necessary to connect as destination project, but here exactly it is necessary to do this carefully. You may also share you clouds.yaml (of course without passwords), this will help to eventually notice the problem. Also important to know whether you initially connect as admin in the same domain or user project belongs to other domain. Artem ---- typed from mobile, auto-correct typos assumed ---- On Wed, Feb 9, 2022, 15:49 Benedikt Trefzer <benedikt.trefzer@cirrax.com> wrote:
Hi list
I like to connect as an amin user to an openstack cloud and create a snapshot of a volume in the same project as the volume exists.
I use the openstacksdk to achive this in python. So far I can connect as admin and create the snapshot but the snapshot is in the admins project, not in the project of the volume.
Code so far:
from openstack import connect import openstack.config
conn=connect()
conn.volume.create_snapshot(name='test', description='testing', volume='volumeIDinANYproject')
I tried to use conn.connect_as_project('ProjectID')
but was not successfull.
Please direct me in the correct direction to achive this ! Any help appreciated.
Greeting
Benedikt
I still have only the default domain so admin is in same domain as the project. The admin user is the main admin (it has the admin role). The configuration is loaded through environment variables, so no cloud.yaml file. Yes I think I have to somehow connect to the destination project but with the credentials of the admin (which is only member of another project). I assumed connect_as_project is the solution, but this is not working as expected (actually I do not understand what it is for ! or what configuration it expects to work (does it expect to have a member role in the destination project ?). I just tried to get a token as admin and use it for authorization in the customers project. But no success yet. Another approach I did not yet try is use a trust (but, if I understand correctly, I have to establish the trust as user of destination project first) Well and the last thing would be to add the admin user as project member and remove it after work is done. But I like to avoid that solution. Benedikt On 09.02.22 20:32, Artem Goncharov wrote:
Please provide details whether you mean overall OpenStack admin user or your domain admin user. I assume it would be necessary to connect as destination project, but here exactly it is necessary to do this carefully. You may also share you clouds.yaml (of course without passwords), this will help to eventually notice the problem.
Also important to know whether you initially connect as admin in the same domain or user project belongs to other domain.
Artem
---- typed from mobile, auto-correct typos assumed ----
On Wed, Feb 9, 2022, 15:49 Benedikt Trefzer <benedikt.trefzer@cirrax.com <mailto:benedikt.trefzer@cirrax.com>> wrote:
Hi list
I like to connect as an amin user to an openstack cloud and create a snapshot of a volume in the same project as the volume exists.
I use the openstacksdk to achive this in python. So far I can connect as admin and create the snapshot but the snapshot is in the admins project, not in the project of the volume.
Code so far:
from openstack import connect import openstack.config
conn=connect()
conn.volume.create_snapshot(name='test', description='testing', volume='volumeIDinANYproject')
I tried to use conn.connect_as_project('ProjectID')
but was not successfull.
Please direct me in the correct direction to achive this ! Any help appreciated.
Greeting
Benedikt
participants (2)
-
Artem Goncharov
-
Benedikt Trefzer