| author | adrian-turjak <adriant@catalyst.net.nz> | 2016-09-26 13:06:42 +1300 |
|---|---|---|
| committer | adrian-turjak <adriant@catalyst.net.nz> | 2017-03-20 14:40:56 +1300 |
| commit | 49f6032b699804b1b0ed56137ab14ba266251157 (patch) | |
| tree | 3974902aa84cf99ca462ddb1c2a305c8c88a554a /openstackclient/identity | |
| parent | ad5b57fd19d08bb16c539a042f0a48653b700b4a (diff) | |
Non-Admin can't list own projects
Due to a default Keystone policy until Newton,
and the use of resource_find, non-admins are unable
to list their own projects.
This patch bypasses this problem while also introducing better
UX for non-admins wishing to get their project list.
'openstack project list' retains the default of 'list all projects'
but on a forbidden error will default instead to 'list my projects'.
This way for non-admins 'list my projects' feels like the default
without breaking the expected admin default.
Adding the '--my-projects' option allows admins to easily list their
own projects or allows non-admins to be explicit and bypass the
forbidden error fallback.
Change-Id: I1021276f69fbbf28e13e17c4e567d932fce7ed8b
Closes-Bug: #1627555
Diffstat (limited to 'openstackclient/identity')
| -rw-r--r-- | openstackclient/identity/v3/project.py | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/openstackclient/identity/v3/project.py b/openstackclient/identity/v3/project.py
index 473dda1a..873ee9c7 100644
--- a/openstackclient/identity/v3/project.py
+++ b/openstackclient/identity/v3/project.py
@@ -189,6 +189,12 @@ class ListProject(command.Lister):
 help=_('Filter projects by <user> (name or ID)'),
 )
 parser.add_argument(
+ '--my-projects',
+ action='store_true',
+ help=_('List projects for the authenticated user. '
+ 'Supersedes other filters.'),
+ )
+ parser.add_argument(
 '--long',
 action='store_true',
 default=False,
@@ -228,9 +234,25 @@ class ListProject(command.Lister):
 kwargs['user'] = user_id
- data = identity_client.projects.list(**kwargs)
+ if parsed_args.my_projects:
+ # NOTE(adriant): my-projects supersedes all the other filters.
+ kwargs = {'user': self.app.client_manager.auth_ref.user_id}
+
+ try:
+ data = identity_client.projects.list(**kwargs)
+ except ks_exc.Forbidden:
+ # NOTE(adriant): if no filters, assume a forbidden is non-admin
+ # wanting their own project list.
+ if not kwargs:
+ user = self.app.client_manager.auth_ref.user_id
+ data = identity_client.projects.list(
+ user=user)
+ else:
+ raise
+
 if parsed_args.sort:
 data = utils.sort_items(data, parsed_args.sort)
+
 return (columns,
 (utils.get_item_properties(
 s, columns, |
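Review bot: `--my-projects` is declared as an independent flag right after `--user`, so `--my-projects --user <name>` parses cleanly and the `--user` value is then discarded without any message; the help text is the only hint. Rejecting the combination at parse time is more predictable for anyone who uses this output to check project membership, for example by registering the two options through `parser.add_mutually_exclusive_group()`. The rest of get_parser is outside this hunk, so any other filter options defined there may need the same treatment.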
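Review bot: The `except ks_exc.Forbidden` branch replaces the requested "all projects" listing with the caller's own projects without telling the user, so a 403 from a mis-scoped or under-privileged token looks exactly like a complete result. Emit a notice before the retry, e.g. `LOG.warning('Listing all projects is forbidden; showing only projects for the authenticated user')`, assuming the module has a logger (the imports are outside this hunk), and confirm that `ks_exc` is imported there as well. The `if not kwargs` test also depends on every filter having been recorded in `kwargs` earlier in take_action, which begins outside the hunk; a short comment stating that invariant would keep a later filter from silently re-enabling the fallback.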
