| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Fix a bug for "service show" subcommand cannot cache NoUniqueMatch Exception
Change-Id: I393c5417de0fef424618b08119ddbc8fea27e114
Closes-Bug: #1524305
|
| |
|
|
|
| |
Change-Id: I6fb08edd5499767863e0e67f363bcd9fff3aea60
Closes-Bug: 1475127
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Once inherited project role grant calls are
implemented on python-keystoneclient,
python-openstackclient also should support such
calls.
This patch add such support as well as its
related tests.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9
Implements: blueprint hierarchical-multitenancy
|
| |
|
|
|
|
|
| |
put the common options in identity.common, this way the help is
consistent
Change-Id: I5b09cfb56fa0f8d16feb95150f216fccbe9f2b22
|
| |
|
|
|
|
|
|
|
| |
Many of the commands for the group and role resources were lacking an
option to specify the specific domain groups, projects or users belong
to. This commit fixes that.
Change-Id: I461d2bcfd01ad2dea970de38ec7ad6f4a631ceb1
Closes-bug: #1446546
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If users, projects or groups are provided by name, there is a
possibility of the existence other users/projects/groups with the same
name in other domain. Even though this is not a problem if the actual
ID is given instead of a name; this is mostly a usability enhancement.
So, three options were added, one for specifying the domain where the
user belongs, another one to specify the project's domain, and finally
one to specify the group's domain.
Change-Id: Iab04b0e04fa75ea5aa3723b8ea42a45f58a6cdb2
Closes-Bug: #1421328
|
| |
|
|
|
|
|
|
|
|
| |
Based on the comments made in this patch:
https://review.openstack.org/#/c/174908/2/
We should simplify and refactor the way we handle finding identity
resources.
Change-Id: I77db2e3564faa90a917082a6c6cb87269e93aebe
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using Keystone's policy.v3cloudsample.json policy file, a project admin is
supposed to be able to manage role assignments. Unfortunately, a project admin
isn't allowed to perform these operations using python-openstackclient, as we
attempt to perform list operations for any of the object types specified (users,
groups, projects). This is done in an attempt to lookup the id of the object by
name, but we perform this list operation even when the user specifies everything
by id. This causes 403 errors.
This patch still attempts to look up the object id by name, but we catch the 403
and assume that the user specified an id if the list operation is not allowed.
This is similar to what we do with the --domain option for other commands.
Closes-bug: #1445528
Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8
|
| |
|
|
|
|
|
|
|
| |
This should make it easier to understand the
purpose of find_domain - I believe the reason
for which find_resource wasn't enough was not
quite clear.
Change-Id: I6a1cdfa86f52401d95c6da2cd38d7c95a140b4a1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Domain administrator cannot do project operations because the
require access to the domain API (which they don't have). When
attempting to find a domain for project operations, ignore errors
because the API returns nothing without indicating there is a
problem. The domain administrators will have to use a domain id,
but they will still be able to do project operations. If the user
does not have permission to read the domain table, they cannot
use domain names.
Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
|
|
|
Make endpoints more consistent across create, show, etc
* Make the name option required for create
* Use a common function to fetch services by id, name or type
* Have show work by endpoint id or by service id, type or name
* Have show display all the fields by default
* Remove capability to filter queries by attribute value pairs
Change-Id: Idaa4b8d930ba859fd62de777e44a10b1ed58c79b
Partial-Bug: #1184012
|
