From b6384886973c652c0161a9caeac6f31066edace1 Mon Sep 17 00:00:00 2001 From: Terry Howe Date: Fri, 30 May 2014 10:38:20 -0600 Subject: Domain administrator cannot do project operations Domain administrator cannot do project operations because the require access to the domain API (which they don't have). When attempting to find a domain for project operations, ignore errors because the API returns nothing without indicating there is a problem. The domain administrators will have to use a domain id, but they will still be able to do project operations. If the user does not have permission to read the domain table, they cannot use domain names. Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752 Closes-Bug: #1317478 Closes-Bug: #1317485 --- openstackclient/identity/common.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'openstackclient/identity/common.py') diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index 6aeaa3c3..48dc0c89 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -16,6 +16,7 @@ """Common identity code""" from keystoneclient import exceptions as identity_exc +from keystoneclient.v3 import domains from openstackclient.common import exceptions from openstackclient.common import utils @@ -36,3 +37,23 @@ def find_service(identity_client, name_type_or_id): msg = ("No service with a type, name or ID of '%s' exists." % name_type_or_id) raise exceptions.CommandError(msg) + + +def find_domain(identity_client, name_or_id): + """Find a domain. + + If the user does not have permssions to access the v3 domain API, + assume that domain given is the id rather than the name. This + method is used by the project list command, so errors access the + domain will be ignored and if the user has access to the project + API, everything will work fine. + + Closes bugs #1317478 and #1317485. + """ + try: + dom = utils.find_resource(identity_client.domains, name_or_id) + if dom is not None: + return dom + except identity_exc.Forbidden: + pass + return domains.Domain(None, {'id': name_or_id}) -- cgit v1.2.1