project name-to-id conversion failing for non-admin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
Fix Released
|
Medium
|
David Rabel |
Bug Description
While attempting to create a role that is not allowed to list projects but is allowed to give role assignments within their project (essentially a project-specific administrator), I found that the following commands all fail because they are unable to find projA:
`openstack role add –user jim –project projA member`
`openstack role add –user jim –project projA member`
`openstack role assignment list –project projA`
This is because the admin role is required to list projects, and the current implementation is attempting to list projects to convert the project name to an id, which is required for the API call these commands depend on.
We have already addressed similar issues under the following bugs (such that something like `openstack project show projA` does work for the role I'm trying to create).
https:/
https:/
The same kind of solution should work here... I.e., use the project id from the token data if the project name from the token data matches the requested project name.
Changed in python-openstackclient: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
I think to fix this in "role add" or "role remove" does not make too much sense. There is also a call to /users?name=jim , which cannot be done as non-admin either. So this wouldn't really help.
I will provide a patch proposal for role assignment list later.