From 845de41635d7fefa1ae337f88a26ba11283a6552 Mon Sep 17 00:00:00 2001
From: Dean Troyer <dtroyer@gmail.com>
Date: Fri, 12 Sep 2014 20:46:54 -0500
Subject: [PATCH] Return current user/project for user/project show commands
If non-admin user attempts 'project show' or 'user show' on the currently
authenticated project or user return the information that is already in the
service catalog rather than throwing a Forbidden error.
Change-Id: Ieeb6eacf71a471e410fbd3c09e7871740547e890
---
openstackclient/identity/v2_0/project.py | 28 +++++++++++---
openstackclient/identity/v2_0/user.py | 48 ++++++++++++++++--------
2 files changed, 56 insertions(+), 20 deletions(-)
diff --git a/openstackclient/identity/v2_0/project.py b/openstackclient/identity/v2_0/project.py
index 7e19d5aec1..ebd65df7d6 100644
--- a/openstackclient/identity/v2_0/project.py
+++ b/openstackclient/identity/v2_0/project.py
@@ -22,6 +22,7 @@ from cliff import command
from cliff import lister
from cliff import show
+from keystoneclient.openstack.common.apiclient import exceptions as ksc_exc
from openstackclient.common import parseractions
from openstackclient.common import utils
@@ -238,11 +239,28 @@ class ShowProject(show.ShowOne):
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
- project = utils.find_resource(
- identity_client.tenants,
- parsed_args.project,
- )
info = {}
- info.update(project._info)
+ try:
+ project = utils.find_resource(
+ identity_client.tenants,
+ parsed_args.project,
+ )
+ info.update(project._info)
+ except ksc_exc.Forbidden as e:
+ auth_ref = self.app.client_manager.auth_ref
+ if (
+ parsed_args.project == auth_ref.project_id or
+ parsed_args.project == auth_ref.project_name
+ ):
+ # Ask for currently auth'ed project so return it
+ info = {
+ 'id': auth_ref.project_id,
+ 'name': auth_ref.project_name,
+ # True because we don't get this far if it is disabled
+ 'enabled': True,
+ }
+ else:
+ raise e
+
return zip(*sorted(six.iteritems(info)))
diff --git a/openstackclient/identity/v2_0/user.py b/openstackclient/identity/v2_0/user.py
index b291c88258..93ab94fe0e 100644
--- a/openstackclient/identity/v2_0/user.py
+++ b/openstackclient/identity/v2_0/user.py
@@ -22,6 +22,7 @@ from cliff import command
from cliff import lister
from cliff import show
+from keystoneclient.openstack.common.apiclient import exceptions as ksc_exc
from openstackclient.common import utils
@@ -347,20 +348,37 @@ class ShowUser(show.ShowOne):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
- user = utils.find_resource(
- identity_client.users,
- parsed_args.user,
- )
-
- if 'tenantId' in user._info:
- user._info.update(
- {'project_id': user._info.pop('tenantId')}
- )
- if 'tenant_id' in user._info:
- user._info.update(
- {'project_id': user._info.pop('tenant_id')}
- )
-
info = {}
- info.update(user._info)
+ try:
+ user = utils.find_resource(
+ identity_client.users,
+ parsed_args.user,
+ )
+ info.update(user._info)
+ except ksc_exc.Forbidden as e:
+ auth_ref = self.app.client_manager.auth_ref
+ if (
+ parsed_args.user == auth_ref.user_id or
+ parsed_args.user == auth_ref.username
+ ):
+ # Ask for currently auth'ed project so return it
+ info = {
+ 'id': auth_ref.user_id,
+ 'name': auth_ref.username,
+ 'project_id': auth_ref.project_id,
+ # True because we don't get this far if it is disabled
+ 'enabled': True,
+ }
+ else:
+ raise e
+
+ if 'tenantId' in info:
+ info.update(
+ {'project_id': info.pop('tenantId')}
+ )
+ if 'tenant_id' in info:
+ info.update(
+ {'project_id': info.pop('tenant_id')}
+ )
+
return zip(*sorted(six.iteritems(info)))