Skip to content

Commit 0ad6b6b

Browse files
committed
Use _get_token_resource in role assignment list
If project matches the project from access token, we do not have to send an API request to /projects?name=..., because the project ID is already known. This API request may require additional permissions, so we want to avoid it, if possible. Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e Closes-Bug: #1658189
1 parent 0181de3 commit 0ad6b6b

2 files changed

Lines changed: 8 additions & 1 deletion

File tree

openstackclient/identity/v3/role_assignment.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,8 @@ def take_action(self, parsed_args):
128128
if parsed_args.project:
129129
project = common.find_project(
130130
identity_client,
131-
parsed_args.project,
131+
common._get_token_resource(identity_client, 'project',
132+
parsed_args.project),
132133
parsed_args.project_domain,
133134
)
134135
elif parsed_args.authproject:
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
---
2+
fixes:
3+
- |
4+
Make ``role assignment list`` callable without administrator permissions
5+
if restricted to own project with ``--project`` parameter.
6+
[Bug `1658189 <https://bugs.launchpad.net/python-openstackclient/+bug/1658189>`_]

0 commit comments

Comments
 (0)