Use _get_token_resource in role assignment list

If project matches the project from access token, we do not have to send an API request to /projects?name=..., because the project ID is already known. This API request may require additional permissions, so we want to avoid it, if possible. Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e Closes-Bug: #1658189
6 years ago · 0ad6b6b2e0
parent 0181de38af
commit 0ad6b6b2e0
2 changed files with 8 additions and 1 deletions
--- a/openstackclient/identity/v3/role_assignment.py
+++ b/openstackclient/identity/v3/role_assignment.py
@ -128,7 +128,8 @@ class ListRoleAssignment(command.Lister):
        if parsed_args.project:
            project = common.find_project(
                identity_client,
-                parsed_args.project,
+                common._get_token_resource(identity_client, 'project',
+                                           parsed_args.project),
                parsed_args.project_domain,
            )
        elif parsed_args.authproject:
--- a/releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml
+++ b/releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Make ``role assignment list`` callable without administrator permissions
+    if restricted to own project with ``--project`` parameter.
+    [Bug `1658189 <https://bugs.launchpad.net/python-openstackclient/+bug/1658189>`_]