Nathan Kinder 4c107e6f1b Role operations should not require list object permission ...

When using Keystone's policy.v3cloudsample.json policy file, a project admin is
supposed to be able to manage role assignments.  Unfortunately, a project admin
isn't allowed to perform these operations using python-openstackclient, as we
attempt to perform list operations for any of the object types specified (users,
groups, projects). This is done in an attempt to lookup the id of the object by
name, but we perform this list operation even when the user specifies everything
by id. This causes 403 errors.

This patch still attempts to look up the object id by name, but we catch the 403
and assume that the user specified an id if the list operation is not allowed.
This is similar to what we do with the --domain option for other commands.

Closes-bug: #1445528
Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8

2015-04-17 10:14:57 -07:00

..

api

Base TokenEndpoint plugin on keystoneclient's

2015-03-11 19:16:18 +11:00

common

Add support to specify volume quotas per volume type

2015-04-15 01:42:00 -04:00

compute

Add warning message if unknown version supplied

2015-04-13 16:21:50 -06:00

identity

Role operations should not require list object permission

2015-04-17 10:14:57 -07:00

image

Use glanceclient's inbuilt images find

2015-04-02 11:21:07 +11:00

network

Add project and domain params to network create

2015-03-19 23:49:02 -07:00

object

Fine tune some of the helps commands

2015-01-13 00:58:57 -05:00

tests

Add support to remote_id

2015-03-30 11:53:17 -04:00

volume

Change volume create --snapshot-id to --snapshot

2015-02-06 16:45:08 -08:00

__init__.py

Change version reporting to use pbr

2013-08-02 12:11:49 -05:00

i18n.py

Add translation markers for user v2 actions

2014-10-09 14:47:19 -04:00

shell.py

Merge "Use cliff deferred help instead of homemade one"

2015-04-14 22:14:13 +00:00