diff options
| author | Terry Howe <terrylhowe@gmail.com> | 2014-05-30 10:38:20 -0600 |
|---|---|---|
| committer | Terry Howe <thowe@hp.com> | 2014-07-07 20:18:39 +0000 |
| commit | b6384886973c652c0161a9caeac6f31066edace1 (patch) | |
| tree | e2ed27fc511b9c64a4064c892d6e6d31e300ae50 /openstackclient/identity/common.py | |
| parent | b3736fd9df869e2f2824ed831deb3aa9a446ee59 (diff) | |
| download | python-openstackclient-b6384886973c652c0161a9caeac6f31066edace1.tar.gz | |
Domain administrator cannot do project operations
Domain administrator cannot do project operations because the
require access to the domain API (which they don't have). When
attempting to find a domain for project operations, ignore errors
because the API returns nothing without indicating there is a
problem. The domain administrators will have to use a domain id,
but they will still be able to do project operations. If the user
does not have permission to read the domain table, they cannot
use domain names.
Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
Diffstat (limited to 'openstackclient/identity/common.py')
| -rw-r--r-- | openstackclient/identity/common.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index 6aeaa3c3..48dc0c89 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -16,6 +16,7 @@ """Common identity code""" from keystoneclient import exceptions as identity_exc +from keystoneclient.v3 import domains from openstackclient.common import exceptions from openstackclient.common import utils @@ -36,3 +37,23 @@ def find_service(identity_client, name_type_or_id): msg = ("No service with a type, name or ID of '%s' exists." % name_type_or_id) raise exceptions.CommandError(msg) + + +def find_domain(identity_client, name_or_id): + """Find a domain. + + If the user does not have permssions to access the v3 domain API, + assume that domain given is the id rather than the name. This + method is used by the project list command, so errors access the + domain will be ignored and if the user has access to the project + API, everything will work fine. + + Closes bugs #1317478 and #1317485. + """ + try: + dom = utils.find_resource(identity_client.domains, name_or_id) + if dom is not None: + return dom + except identity_exc.Forbidden: + pass + return domains.Domain(None, {'id': name_or_id}) |
