No output for "openstack port list --project project_name" in case of non-admin user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Bug
====
openstack port list --project project_id command works for both admin and non-admin users.
openstack port list --project project_name command works for only admin users.
Expected behavior
==================
openstack port list --project project_name command should work for both admin and non-admin users.
Steps to reproduce
===================
1. source openrc admin admin
2. openstack port list --project <project_
3, source openrc demo demo
4. openstack port list --project <project_id> [this works]
5. openstack port list --project <project_name> [No output]
On running with --debug flag, seems like non-admin(i.e. demo) users don't have authorization to list projects and so name resolution from project_name to project_id fails. The query forwarded to neutron with project_name instead of project_id. The neutron then filters DB using {project_id: project_name} and query returns empty result.
Ideally, openstack port list command should display ports only belonging to current project as default option. Also this command should not allow to specify --project option for non-admin users as this is security-concern to see ports from other project (even if port is in shared network).
Only admin can see all ports as default option and can use --project to filter output for specific project.