python-openstackclient/doc/source/command-objects/role-assignment.rst
Henry Nash 713d92df4e Add assignment list to v2 identity and deprecate alternate listing
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.

This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).

This patch:

- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments

Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
2016-07-22 21:46:29 +00:00

99 lines
1.9 KiB
ReStructuredText

===============
role assignment
===============
Identity v2, v3
role assignment list
--------------------
List role assignments
.. program:: role assignment list
.. code:: bash
os role assignment list
[--role <role>]
[--user <user>]
[--user-domain <user-domain>]
[--group <group>]
[--group-domain <group-domain>]
[--domain <domain>]
[--project <project>]
[--project-domain <project-domain>]
[--effective]
[--inherited]
[--names]
.. option:: --role <role>
Role to filter (name or ID)
.. versionadded:: 3
.. option:: --user <user>
User to filter (name or ID)
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --group <group>
Group to filter (name or ID)
.. versionadded:: 3
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID).
This can be used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --domain <domain>
Domain to filter (name or ID)
.. versionadded:: 3
.. option:: --project <project>
Project to filter (name or ID)
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
.. option:: --effective
Returns only effective role assignments (defaults to False)
.. versionadded:: 3
.. option:: --inherited
Specifies if the role grant is inheritable to the sub projects
.. versionadded:: 3
.. option:: --names
Returns role assignments with names instead of IDs
.. option:: --auth-user
Returns role assignments for the authenticated user.
.. option:: --auth-project
Returns role assignments for the project to which the authenticated user
is scoped.