diff options
| author | Henry Nash <henryn@linux.vnet.ibm.com> | 2016-04-29 23:59:27 +0100 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2016-07-22 21:46:29 +0000 |
| commit | 713d92df4e53f74698a1ff2dfcb7514ff22f023b (patch) | |
| tree | dbf6825abaa32d4779d07ea28c7d637411959efd /doc/source/command-objects/role-assignment.rst | |
| parent | 719c5d79ced34687944eb0bf458f36070817a7b9 (diff) | |
| download | python-openstackclient-713d92df4e53f74698a1ff2dfcb7514ff22f023b.tar.gz | |
Add assignment list to v2 identity and deprecate alternate listing
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.
This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).
This patch:
- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments
Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
Diffstat (limited to 'doc/source/command-objects/role-assignment.rst')
| -rw-r--r-- | doc/source/command-objects/role-assignment.rst | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/doc/source/command-objects/role-assignment.rst b/doc/source/command-objects/role-assignment.rst index 893ebdc4..ef1b22ee 100644 --- a/doc/source/command-objects/role-assignment.rst +++ b/doc/source/command-objects/role-assignment.rst @@ -2,7 +2,7 @@ role assignment =============== -Identity v3 +Identity v2, v3 role assignment list -------------------- @@ -23,11 +23,14 @@ List role assignments [--project-domain <project-domain>] [--effective] [--inherited] + [--names] .. option:: --role <role> Role to filter (name or ID) + .. versionadded:: 3 + .. option:: --user <user> User to filter (name or ID) @@ -37,19 +40,27 @@ List role assignments Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. + .. versionadded:: 3 + .. option:: --group <group> Group to filter (name or ID) + .. versionadded:: 3 + .. option:: --group-domain <group-domain> Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. + .. versionadded:: 3 + .. option:: --domain <domain> Domain to filter (name or ID) + .. versionadded:: 3 + .. option:: --project <project> Project to filter (name or ID) @@ -59,14 +70,29 @@ List role assignments Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. + .. versionadded:: 3 + .. option:: --effective Returns only effective role assignments (defaults to False) + .. versionadded:: 3 + .. option:: --inherited Specifies if the role grant is inheritable to the sub projects + .. versionadded:: 3 + .. option:: --names Returns role assignments with names instead of IDs + +.. option:: --auth-user + + Returns role assignments for the authenticated user. + +.. option:: --auth-project + + Returns role assignments for the project to which the authenticated user + is scoped. |