From 0ad6b6b2e0b26ebc93a99730bcc414bf8e091759 Mon Sep 17 00:00:00 2001 From: David Rabel Date: Mon, 15 May 2017 18:11:37 +0200 Subject: [PATCH] Use _get_token_resource in role assignment list If project matches the project from access token, we do not have to send an API request to /projects?name=..., because the project ID is already known. This API request may require additional permissions, so we want to avoid it, if possible. Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e Closes-Bug: #1658189 --- openstackclient/identity/v3/role_assignment.py | 3 ++- releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml diff --git a/openstackclient/identity/v3/role_assignment.py b/openstackclient/identity/v3/role_assignment.py index 9da050ded..a362adb07 100644 --- a/openstackclient/identity/v3/role_assignment.py +++ b/openstackclient/identity/v3/role_assignment.py @@ -128,7 +128,8 @@ class ListRoleAssignment(command.Lister): if parsed_args.project: project = common.find_project( identity_client, - parsed_args.project, + common._get_token_resource(identity_client, 'project', + parsed_args.project), parsed_args.project_domain, ) elif parsed_args.authproject: diff --git a/releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml b/releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml new file mode 100644 index 000000000..211c4c31a --- /dev/null +++ b/releasenotes/notes/bug-1658189-d2b390ad74c96c79.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Make ``role assignment list`` callable without administrator permissions + if restricted to own project with ``--project`` parameter. + [Bug `1658189 `_]