Debug #933565 has report GET /users/{user_id}/roles not implemented.
I have found that PUT /users/{user_id}/roles/OS-KSADM/{role_id} is not implemented too.
>>> keystone.roles._update("/users/2f14870588174f31a62d6bc52592cdfd/roles/OS-KSADM/1285ab5fd06a4437a58ee6f994207900",None,"roles")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/stack/python-keystoneclient/keystoneclient/base.py", line 94, in _update
resp, body = methods[method](url, body=body)
File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 172, in put
return self._cs_request(url, 'PUT', **kwargs)
File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 150, in _cs_request
**kwargs)
File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 130, in request
raise exceptions.from_response(resp, body)
keystoneclient.exceptions.HTTPNotImplemented: User roles not supported: tenant_id required (HTTP 501)
DELETE /users/{user_id}/roles/OS-KSADM/{role_id} results in AttributeError:'RoleController' object has no attribute 'delete_role_from_user'.(HTTP 500)
>>> keystone.roles._delete("/users/2f14870588174f31a62d6bc52592cdfd/roles/OS-KSADM/1285ab5fd06a4437a58ee6f994207900")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/stack/python-keystoneclient/keystoneclient/base.py", line 88, in _delete
resp, body = self.api.delete(url)
File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 175, in delete
return self._cs_request(url, 'DELETE', **kwargs)
File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 150, in _cs_request
**kwargs)
File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 130, in request
raise exceptions.from_response(resp, body)
keystoneclient.exceptions.ClientException: Unable to communicate with identity service: Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response
result = self.application(self.environ, start_response)
File "/usr/lib/python2.7/dist-packages/paste/urlmap.py", line 203, in __call__
return app(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
return self.func(req, *args, **kwargs)
File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
response = request.get_response(self.application)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
application, catch_exc_info=False)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
app_iter = application(self.environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
return self.func(req, *args, **kwargs)
File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
response = request.get_response(self.application)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
application, catch_exc_info=False)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
app_iter = application(self.environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
return self.func(req, *args, **kwargs)
File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
response = request.get_response(self.application)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
application, catch_exc_info=False)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
app_iter = application(self.environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
return self.func(req, *args, **kwargs)
File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
response = request.get_response(self.application)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
application, catch_exc_info=False)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
app_iter = application(self.environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
return self.func(req, *args, **kwargs)
File "/opt/stack/keystone/keystone/common/wsgi.py", line 322, in __call__
resp = req.get_response(self.application)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
application, catch_exc_info=False)
File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
app_iter = application(self.environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
return resp(environ, start_response)
File "/usr/lib/pymodules/python2.7/routes/middleware.py", line 131, in __call__
response = self.app(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
return resp(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
return resp(environ, start_response)
File "/usr/lib/pymodules/python2.7/routes/middleware.py", line 131, in __call__
response = self.app(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
return resp(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
return resp(environ, start_response)
File "/usr/lib/pymodules/python2.7/routes/middleware.py", line 131, in __call__
response = self.app(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
return resp(environ, start_response)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
return self.func(req, *args, **kwargs)
File "/opt/stack/keystone/keystone/common/wsgi.py", line 178, in __call__
method = getattr(self, action)
AttributeError: 'RoleController' object has no attribute 'delete_role_from_user'
. (HTTP 500)
So all global role operation methods listed below will fail in python keystoneclient API, when tenant is None.
RoleManager.roles_for_user(self, user, tenant=None)
RoleManager.add_user_role(self, user, role, tenant=None)
RoleManager.remove_user_role(self, user, role, tenant=None)
UserManager.list_roles(self,user,tenant=None)
We're removing the concept of "global" roles - roles are applicable only by tenant, not as a global state.