| 2016-09-25 23:18:16 |
Adrian Turjak |
bug |
|
|
added bug |
| 2016-09-26 03:48:34 |
venkatamahesh |
description |
"openstack project list" defaults to listing all projects defaults to listing all projects, if you are admin this falls over.
If you just want your project list, you can attempt:
"openstack project list --user <my_username/my_id>"
This will also fail because up until Newton getting your own user required admin. Project list always does a find_resource when given a user filter, which even if you give it a valid userid, it has to fetch the user object from keystone.
As such attempting to get your own project list (a valid and important action) is impossible with the openstack client for anyone running default keystone policy files from anything before Newton.
An easy and sensible solution is to make "openstack project list" still default to all projects, but on a forbidden response, return your own user list. This option is simple, good UX, and actually makes the project list command useful for non-admins. Another option that isn't as nice UX is to add a --auth-user option.
See thread here for discussion and further reading:
http://lists.openstack.org/pipermail/openstack-dev/2016-September/104155.html |
"openstack project list" defaults to listing all projects, if you are admin this falls over.
If you just want your project list, you can attempt:
"openstack project list --user <my_username/my_id>"
This will also fail because up until Newton getting your own user required admin. Project list always does a find_resource when given a user filter, which even if you give it a valid userid, it has to fetch the user object from keystone.
As such attempting to get your own project list (a valid and important action) is impossible with the openstack client for anyone running default keystone policy files from anything before Newton.
An easy and sensible solution is to make "openstack project list" still default to all projects, but on a forbidden response, return your own user list. This option is simple, good UX, and actually makes the project list command useful for non-admins. Another option that isn't as nice UX is to add a --auth-user option.
See thread here for discussion and further reading:
http://lists.openstack.org/pipermail/openstack-dev/2016-September/104155.html |
|
| 2016-10-03 05:08:50 |
Adrian Turjak |
python-openstackclient: assignee |
|
Adrian Turjak (adriant-y) |
|
| 2016-10-17 00:11:57 |
OpenStack Infra |
python-openstackclient: status |
New |
In Progress |
|
| 2016-10-17 00:28:01 |
Adrian Turjak |
description |
"openstack project list" defaults to listing all projects, if you are admin this falls over.
If you just want your project list, you can attempt:
"openstack project list --user <my_username/my_id>"
This will also fail because up until Newton getting your own user required admin. Project list always does a find_resource when given a user filter, which even if you give it a valid userid, it has to fetch the user object from keystone.
As such attempting to get your own project list (a valid and important action) is impossible with the openstack client for anyone running default keystone policy files from anything before Newton.
An easy and sensible solution is to make "openstack project list" still default to all projects, but on a forbidden response, return your own user list. This option is simple, good UX, and actually makes the project list command useful for non-admins. Another option that isn't as nice UX is to add a --auth-user option.
See thread here for discussion and further reading:
http://lists.openstack.org/pipermail/openstack-dev/2016-September/104155.html |
"openstack project list" defaults to listing all projects, if you are not admin this falls over.
If you just want your project list, you can attempt:
"openstack project list --user <my_username/my_id>"
This will also fail because up until Newton getting your own user required admin. Project list always does a find_resource when given a user filter, which even if you give it a valid userid, it has to fetch the user object from keystone.
As such attempting to get your own project list (a valid and important action) is impossible with the openstack client for anyone running default keystone policy files from anything before Newton.
An easy and sensible solution is to make "openstack project list" still default to all projects, but on a forbidden response, return your own user list. This option is simple, good UX, and actually makes the project list command useful for non-admins. Another option that isn't as nice UX is to add a --auth-user option.
See thread here for discussion and further reading:
http://lists.openstack.org/pipermail/openstack-dev/2016-September/104155.html |
|
| 2017-03-20 17:58:41 |
OpenStack Infra |
python-openstackclient: status |
In Progress |
Fix Released |
|
