713d92df4e
The current identity role list command (both v2 and v3) is overloaded with listing roles as well as assignments (if you provide user, group, project or domain options). This is in addition to the v3 assignment list command designed for this purpose. This overloading complicates the fact that roles can now be domain specific (i.e. have a domain attribute), so the command 'role list --domain <domain-name' will soon become ambigious (this is in a follow on patch). This patch: - Adds a v2 assignments list, with support for pulling the user and project from the auth credentials - For comapability, adds the same auth support to the existing v3 assignments list - Deprecates the use of role list and user role list to list assignments Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8 Partial-Bug: 1605774
99 lines
1.9 KiB
ReStructuredText
99 lines
1.9 KiB
ReStructuredText
===============
|
|
role assignment
|
|
===============
|
|
|
|
Identity v2, v3
|
|
|
|
role assignment list
|
|
--------------------
|
|
|
|
List role assignments
|
|
|
|
.. program:: role assignment list
|
|
.. code:: bash
|
|
|
|
os role assignment list
|
|
[--role <role>]
|
|
[--user <user>]
|
|
[--user-domain <user-domain>]
|
|
[--group <group>]
|
|
[--group-domain <group-domain>]
|
|
[--domain <domain>]
|
|
[--project <project>]
|
|
[--project-domain <project-domain>]
|
|
[--effective]
|
|
[--inherited]
|
|
[--names]
|
|
|
|
.. option:: --role <role>
|
|
|
|
Role to filter (name or ID)
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --user <user>
|
|
|
|
User to filter (name or ID)
|
|
|
|
.. option:: --user-domain <user-domain>
|
|
|
|
Domain the user belongs to (name or ID).
|
|
This can be used in case collisions between user names exist.
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --group <group>
|
|
|
|
Group to filter (name or ID)
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --group-domain <group-domain>
|
|
|
|
Domain the group belongs to (name or ID).
|
|
This can be used in case collisions between group names exist.
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --domain <domain>
|
|
|
|
Domain to filter (name or ID)
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --project <project>
|
|
|
|
Project to filter (name or ID)
|
|
|
|
.. option:: --project-domain <project-domain>
|
|
|
|
Domain the project belongs to (name or ID).
|
|
This can be used in case collisions between project names exist.
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --effective
|
|
|
|
Returns only effective role assignments (defaults to False)
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --inherited
|
|
|
|
Specifies if the role grant is inheritable to the sub projects
|
|
|
|
.. versionadded:: 3
|
|
|
|
.. option:: --names
|
|
|
|
Returns role assignments with names instead of IDs
|
|
|
|
.. option:: --auth-user
|
|
|
|
Returns role assignments for the authenticated user.
|
|
|
|
.. option:: --auth-project
|
|
|
|
Returns role assignments for the project to which the authenticated user
|
|
is scoped.
|