diff options
| author | Henry Nash <henryn@linux.vnet.ibm.com> | 2016-04-29 23:59:27 +0100 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2016-07-22 21:46:29 +0000 |
| commit | 713d92df4e53f74698a1ff2dfcb7514ff22f023b (patch) | |
| tree | dbf6825abaa32d4779d07ea28c7d637411959efd /doc/source/command-objects | |
| parent | 719c5d79ced34687944eb0bf458f36070817a7b9 (diff) | |
| download | python-openstackclient-713d92df4e53f74698a1ff2dfcb7514ff22f023b.tar.gz | |
Add assignment list to v2 identity and deprecate alternate listing
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.
This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).
This patch:
- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments
Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
Diffstat (limited to 'doc/source/command-objects')
| -rw-r--r-- | doc/source/command-objects/role-assignment.rst | 28 | ||||
| -rw-r--r-- | doc/source/command-objects/role.rst | 20 |
2 files changed, 41 insertions, 7 deletions
diff --git a/doc/source/command-objects/role-assignment.rst b/doc/source/command-objects/role-assignment.rst index 893ebdc4..ef1b22ee 100644 --- a/doc/source/command-objects/role-assignment.rst +++ b/doc/source/command-objects/role-assignment.rst @@ -2,7 +2,7 @@ role assignment =============== -Identity v3 +Identity v2, v3 role assignment list -------------------- @@ -23,11 +23,14 @@ List role assignments [--project-domain <project-domain>] [--effective] [--inherited] + [--names] .. option:: --role <role> Role to filter (name or ID) + .. versionadded:: 3 + .. option:: --user <user> User to filter (name or ID) @@ -37,19 +40,27 @@ List role assignments Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. + .. versionadded:: 3 + .. option:: --group <group> Group to filter (name or ID) + .. versionadded:: 3 + .. option:: --group-domain <group-domain> Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. + .. versionadded:: 3 + .. option:: --domain <domain> Domain to filter (name or ID) + .. versionadded:: 3 + .. option:: --project <project> Project to filter (name or ID) @@ -59,14 +70,29 @@ List role assignments Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. + .. versionadded:: 3 + .. option:: --effective Returns only effective role assignments (defaults to False) + .. versionadded:: 3 + .. option:: --inherited Specifies if the role grant is inheritable to the sub projects + .. versionadded:: 3 + .. option:: --names Returns role assignments with names instead of IDs + +.. option:: --auth-user + + Returns role assignments for the authenticated user. + +.. option:: --auth-project + + Returns role assignments for the project to which the authenticated user + is scoped. diff --git a/doc/source/command-objects/role.rst b/doc/source/command-objects/role.rst index 48751ed7..5542a35b 100644 --- a/doc/source/command-objects/role.rst +++ b/doc/source/command-objects/role.rst @@ -7,7 +7,7 @@ Identity v2, v3 role add -------- -Add role to a user or group in a project or domain +Add role assignment to a user or group in a project or domain .. program:: role add .. code:: bash @@ -123,31 +123,33 @@ List roles Filter roles by <domain> (name or ID) - .. versionadded:: 3 + (Deprecated, please use ``role assignment list`` instead) .. option:: --project <project> Filter roles by <project> (name or ID) - .. versionadded:: 3 + (Deprecated, please use ``role assignment list`` instead) .. option:: --user <user> Filter roles by <user> (name or ID) - .. versionadded:: 3 + (Deprecated, please use ``role assignment list`` instead) .. option:: --group <group> Filter roles by <group> (name or ID) - .. versionadded:: 3 + (Deprecated, please use ``role assignment list`` instead) .. option:: --user-domain <user-domain> Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. + (Deprecated, please use ``role assignment list`` instead) + .. versionadded:: 3 .. option:: --group-domain <group-domain> @@ -155,6 +157,8 @@ List roles Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. + (Deprecated, please use ``role assignment list`` instead) + .. versionadded:: 3 .. option:: --project-domain <project-domain> @@ -162,18 +166,22 @@ List roles Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. + (Deprecated, please use ``role assignment list`` instead) + .. versionadded:: 3 .. option:: --inherited Specifies if the role grant is inheritable to the sub projects. + (Deprecated, please use ``role assignment list`` instead) + .. versionadded:: 3 role remove ----------- -Remove role from domain/project : user/group +Remove role assignment from domain/project : user/group .. program:: role remove .. code:: bash |