Handle 403 error on creating trust

Currently, creating trust requires permission to list roles, but
non-admin users don't have permission to do that by default. This
commit adds exception handling on listing roles, and continue to
create trust if server returns 403.

Closes-Bug: #1658582
Change-Id: I4f016b76cb46ae07ef65ed54780881bbcd6210d3
This commit is contained in:
Hongbin Lu 2017-01-23 00:04:02 -06:00 committed by Steve Martinelli
parent 607f31d3db
commit 5cf77bb672
2 changed files with 14 additions and 4 deletions

View File

@ -16,6 +16,7 @@
import datetime
import logging
from keystoneclient import exceptions as identity_exc
from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
@ -105,10 +106,13 @@ class CreateTrust(command.ShowOne):
role_names = []
for role in parsed_args.role:
try:
role_name = utils.find_resource(
identity_client.roles,
role,
).name
except identity_exc.Forbidden:
role_name = role
role_names.append(role_name)
expires_at = None

View File

@ -0,0 +1,6 @@
---
fixes:
- |
Correctly handle non-admin in ``create trust`` command when looking
up role names.
[Bug `1658582 <https://bugs.launchpad.net/python-openstackclient/+bug/1658582>`_]