openstack/python-openstackclient
Code Issues Proposed changes
4c107e6f1b
python-openstackclient/openstackclient
History
Nathan Kinder 4c107e6f1b Role operations should not require list object permission 
When using Keystone's policy.v3cloudsample.json policy file, a project admin is
supposed to be able to manage role assignments.  Unfortunately, a project admin
isn't allowed to perform these operations using python-openstackclient, as we
attempt to perform list operations for any of the object types specified (users,
groups, projects). This is done in an attempt to lookup the id of the object by
name, but we perform this list operation even when the user specifies everything
by id. This causes 403 errors.

This patch still attempts to look up the object id by name, but we catch the 403
and assume that the user specified an id if the list operation is not allowed.
This is similar to what we do with the --domain option for other commands.

Closes-bug: #1445528
Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8
2015-04-17 10:14:57 -07:00
..
api Base TokenEndpoint plugin on keystoneclient's 2015-03-11 19:16:18 +11:00
common Add support to specify volume quotas per volume type 2015-04-15 01:42:00 -04:00
compute Add warning message if unknown version supplied 2015-04-13 16:21:50 -06:00
identity Role operations should not require list object permission 2015-04-17 10:14:57 -07:00
image Use glanceclient's inbuilt images find 2015-04-02 11:21:07 +11:00
network Add project and domain params to network create 2015-03-19 23:49:02 -07:00
object Fine tune some of the helps commands 2015-01-13 00:58:57 -05:00
tests Add support to remote_id 2015-03-30 11:53:17 -04:00
volume Change volume create --snapshot-id to --snapshot 2015-02-06 16:45:08 -08:00
__init__.py Change version reporting to use pbr 2013-08-02 12:11:49 -05:00
i18n.py Add translation markers for user v2 actions 2014-10-09 14:47:19 -04:00
shell.py Merge "Use cliff deferred help instead of homemade one" 2015-04-14 22:14:13 +00:00