The current identity role list command (both v2 and v3) is overloaded with listing roles as well as assignments (if you provide user, group, project or domain options). This is in addition to the v3 assignment list command designed for this purpose. This overloading complicates the fact that roles can now be domain specific (i.e. have a domain attribute), so the command 'role list --domain <domain-name' will soon become ambigious (this is in a follow on patch). This patch: - Adds a v2 assignments list, with support for pulling the user and project from the auth credentials - For comapability, adds the same auth support to the existing v3 assignments list - Deprecates the use of role list and user role list to list assignments Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8 Partial-Bug: 1605774
1.9 KiB
role assignment
Identity v2, v3
role assignment list
List role assignments
role assignment list
os role assignment list
[--role <role>]
[--user <user>]
[--user-domain <user-domain>]
[--group <group>]
[--group-domain <group-domain>]
[--domain <domain>]
[--project <project>]
[--project-domain <project-domain>]
[--effective]
[--inherited]
[--names]
--role <role>
Role to filter (name or ID)
3
--user <user>
User to filter (name or ID)
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.
3
--group <group>
Group to filter (name or ID)
3
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.
3
--domain <domain>
Domain to filter (name or ID)
3
--project <project>
Project to filter (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
3
--effective
Returns only effective role assignments (defaults to False)
3
--inherited
Specifies if the role grant is inheritable to the sub projects
3
--names
Returns role assignments with names instead of IDs
--auth-user
Returns role assignments for the authenticated user.
--auth-project
Returns role assignments for the project to which the authenticated user is scoped.