
Domain administrators cannot do project operations because those operations require access to the domain API (which the administrators don't have). When attempting to find a domain for project operations, ignore errors because the API returns nothing without indicating there is a problem. The domain administrators will have to use a domain id, but they will still be able to do project operations. If the user does not have permission to read the domain table, they cannot use domain names. Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752 Closes-Bug: #1317478 Closes-Bug: #1317485
# Copyright 2012-2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Common identity code"""
from keystoneclient import exceptions as identity_exc
from keystoneclient.v3 import domains
from openstackclient.common import exceptions
from openstackclient.common import utils
def find_service(identity_client, name_type_or_id):
    """Look up a service by ID or name first, then by service type.

    :param identity_client: identity client whose ``services`` manager is
        queried
    :param name_type_or_id: the ID, name or type supplied by the caller
    :returns: whatever the first successful lookup returns
    :raises exceptions.CommandError: when the ID/name lookup fails with
        ``CommandError`` and the type lookup raises ``NotFound``
    """
    try:
        # First attempt: the generic ID-or-name resolution.
        by_id_or_name = utils.find_resource(
            identity_client.services,
            name_type_or_id,
        )
        return by_id_or_name
    except exceptions.CommandError:
        # Second attempt: interpret the value as a service type. Only
        # NotFound is translated below; any other exception from find()
        # propagates unchanged.
        try:
            by_type = identity_client.services.find(type=name_type_or_id)
            return by_type
        # FIXME(dtroyer): This exception should eventually come from
        #                 common client exceptions
        except identity_exc.NotFound:
            raise exceptions.CommandError(
                "No service with a type, name or ID of '%s' exists."
                % name_type_or_id
            )
def find_domain(identity_client, name_or_id):
    """Resolve a domain, falling back to an unverified placeholder.

    The lookup goes through ``utils.find_resource`` on the client's
    ``domains`` manager. When that lookup raises ``Forbidden`` (the user
    may not read the v3 domain API) or returns ``None``, the supplied
    value is assumed to be a domain ID and wrapped in a bare ``Domain``
    object. According to the original note, the project list command
    relies on this so that a user with project API access can still
    operate by domain ID.

    Closes bugs #1317478 and #1317485.

    :param identity_client: identity client whose ``domains`` manager is
        queried
    :param name_or_id: domain name or ID supplied by the caller
    :returns: the resolved domain, or a placeholder ``Domain`` whose only
        attribute data is ``{'id': name_or_id}``
    """
    try:
        resolved = utils.find_resource(identity_client.domains, name_or_id)
    except identity_exc.Forbidden:
        # Deliberate best-effort: only Forbidden is swallowed; every other
        # exception from the lookup still propagates to the caller.
        resolved = None

    if resolved is not None:
        return resolved

    # NOTE(review): the placeholder is built without any server-side
    # confirmation. If the caller passed a domain *name*, the 'id' field
    # holds that name. A returned Domain is therefore not proof that the
    # domain exists or that the user may access it; authorization has to
    # be enforced by whichever API later consumes this id -- confirm
    # against callers.
    return domains.Domain(None, {'id': name_or_id})