Use _get_token_resource in role assignment list

If project matches the project from access token,
we do not have to send an API request to /projects?name=...,
because the project ID is already known.
This API request may require additional permissions, so
we want to avoid it, if possible.

Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e
Closes-Bug: #1658189
This commit is contained in:
David Rabel 2017-05-15 18:11:37 +02:00
parent 0181de38af
commit 0ad6b6b2e0
2 changed files with 8 additions and 1 deletions

View File

@ -128,7 +128,8 @@ class ListRoleAssignment(command.Lister):
if parsed_args.project: if parsed_args.project:
project = common.find_project( project = common.find_project(
identity_client, identity_client,
parsed_args.project, common._get_token_resource(identity_client, 'project',
parsed_args.project),
parsed_args.project_domain, parsed_args.project_domain,
) )
elif parsed_args.authproject: elif parsed_args.authproject:

View File

@ -0,0 +1,6 @@
---
fixes:
- |
Make ``role assignment list`` callable without administrator permissions
if restricted to own project with ``--project`` parameter.
[Bug `1658189 <https://bugs.launchpad.net/python-openstackclient/+bug/1658189>`_]