From 5cf77bb672eeb28327cac8bc0a8227c8b7137819 Mon Sep 17 00:00:00 2001 From: Hongbin Lu Date: Mon, 23 Jan 2017 00:04:02 -0600 Subject: [PATCH] Handle 403 error on creating trust Currently, creating trust requires permission to list roles, but non-admin users don't have permission to do that by default. This commit adds exception handling on listing roles, and continue to create trust if server returns 403. Closes-Bug: #1658582 Change-Id: I4f016b76cb46ae07ef65ed54780881bbcd6210d3 --- openstackclient/identity/v3/trust.py | 12 ++++++++---- releasenotes/notes/bug-1658582-80a76f6b0af0ca12.yaml | 6 ++++++ 2 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/bug-1658582-80a76f6b0af0ca12.yaml diff --git a/openstackclient/identity/v3/trust.py b/openstackclient/identity/v3/trust.py index 04ee4dce5a..52daeb4d16 100644 --- a/openstackclient/identity/v3/trust.py +++ b/openstackclient/identity/v3/trust.py @@ -16,6 +16,7 @@ import datetime import logging +from keystoneclient import exceptions as identity_exc from osc_lib.command import command from osc_lib import exceptions from osc_lib import utils @@ -105,10 +106,13 @@ class CreateTrust(command.ShowOne): role_names = [] for role in parsed_args.role: - role_name = utils.find_resource( - identity_client.roles, - role, - ).name + try: + role_name = utils.find_resource( + identity_client.roles, + role, + ).name + except identity_exc.Forbidden: + role_name = role role_names.append(role_name) expires_at = None diff --git a/releasenotes/notes/bug-1658582-80a76f6b0af0ca12.yaml b/releasenotes/notes/bug-1658582-80a76f6b0af0ca12.yaml new file mode 100644 index 0000000000..ee8b25c5c8 --- /dev/null +++ b/releasenotes/notes/bug-1658582-80a76f6b0af0ca12.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Correctly handle non-admin in ``create trust`` command when looking + up role names. + [Bug `1658582 `_]