Privilege checking for heat-keystone-setup-domain

This patch added additional exception handling so that a non-admin user will understand why his/her attempt to run this script failed. Change-Id: I20a593f613931de0b3c13094a2e0b6c2f2b0eea1 Closes-Bug: 1354687
2014-08-09 21:49:30 +08:00 · 2014-08-09 21:49:30 +08:00 · a68e08cb47
parent 377da55d51
commit a68e08cb47
1 changed files with 5 additions and 0 deletions
--- a/bin/heat-keystone-setup-domain
+++ b/bin/heat-keystone-setup-domain
@ -79,6 +79,11 @@ def main():
            logger.error("Unexpected filtered list response, please upgrade "
                         "keystoneclient to >= 0.5")
            sys.exit(1)
+    except kc_exception.Forbidden:
+        logger.error("User '%s' is not authorized to perform this "
+                     "operation, please try with other OS_USERNAME setting." %
+                     USERNAME)
+        sys.exit(1)

    # Create heat domain admin user
    if not HEAT_DOMAIN_PASSWORD: