diff options
| author | Hongbin Lu <hongbin.lu@huawei.com> | 2017-01-23 00:04:02 -0600 |
|---|---|---|
| committer | Steve Martinelli <s.martinelli@gmail.com> | 2017-01-24 01:50:36 +0000 |
| commit | 5cf77bb672eeb28327cac8bc0a8227c8b7137819 (patch) | |
| tree | aea004129dfdb73015f128687f8e99e354a8e80f /openstackclient/identity | |
| parent | 607f31d3db924517c18fd192239e5ef5963e17f3 (diff) | |
| download | python-openstackclient-5cf77bb672eeb28327cac8bc0a8227c8b7137819.tar.gz | |
Handle 403 error on creating trust
Currently, creating trust requires permission to list roles, but
non-admin users don't have permission to do that by default. This
commit adds exception handling on listing roles, and continue to
create trust if server returns 403.
Closes-Bug: #1658582
Change-Id: I4f016b76cb46ae07ef65ed54780881bbcd6210d3
Diffstat (limited to 'openstackclient/identity')
| -rw-r--r-- | openstackclient/identity/v3/trust.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/openstackclient/identity/v3/trust.py b/openstackclient/identity/v3/trust.py index 04ee4dce..52daeb4d 100644 --- a/openstackclient/identity/v3/trust.py +++ b/openstackclient/identity/v3/trust.py @@ -16,6 +16,7 @@ import datetime import logging +from keystoneclient import exceptions as identity_exc from osc_lib.command import command from osc_lib import exceptions from osc_lib import utils @@ -105,10 +106,13 @@ class CreateTrust(command.ShowOne): role_names = [] for role in parsed_args.role: - role_name = utils.find_resource( - identity_client.roles, - role, - ).name + try: + role_name = utils.find_resource( + identity_client.roles, + role, + ).name + except identity_exc.Forbidden: + role_name = role role_names.append(role_name) expires_at = None |