delta/openstack/python-openstackclient.git/openstackclient/identity, branch pike-em opendev.org: openstack/python-openstackclient Add optional parameter "user_id" and "type" to list credentials 2017-07-25T14:56:50+00:00 zhanghongtao zhanghongtao0826@126.com 2017-07-25T07:48:27+00:00 470a1f1acfe261357fc3125b2db3bc6ec10c654e In keystone version 3.5, "type" optional attribute has been added to list credentials. This patch add "user_id" and "type" optional parameter in openstack client. Change-Id: Ia09ee7c39204fdff2dfd7b9b606d888d007caac5 
In keystone version 3.5, "type" optional attribute has been added
to list credentials. This patch add "user_id" and "type" optional
parameter in openstack client.

Change-Id: Ia09ee7c39204fdff2dfd7b9b606d888d007caac5
Add domain parameter to Identity Provider 2017-07-21T15:28:57+00:00 Kristi Nikolla knikolla@bu.edu 2017-06-16T19:04:40+00:00 77ff011ced18260242224a7317aba92d53ff1455 Identity providers are now associated with domains. This change allows a user to specify a domain by ID or by name when creating an identity provider. [0] This also adds the column for Domain ID in listing. Updating a domain for an identity provider is not supported, so that isn't changed. [0]. Id18b8b2fe853b97631bc990df8188ed64a6e1275 Closes-Bug: 1698390 Change-Id: Icc408e2fe88f257d5863bd3df716a777d52befcc 
Identity providers are now associated with domains. This change
allows a user to specify a domain by ID or by name when creating
an identity provider. [0]

This also adds the column for Domain ID in listing.
Updating a domain for an identity provider is not supported, so
that isn't changed.

[0]. Id18b8b2fe853b97631bc990df8188ed64a6e1275

Closes-Bug: 1698390

Change-Id: Icc408e2fe88f257d5863bd3df716a777d52befcc
Fix 'domain' filter not work well in some commands 2017-07-18T23:01:22+00:00 jiangpch jiangpengcheng@navercorp.com 2017-07-13T08:58:00+00:00 a01bf55d2065ec1a98f486109cc8d315def501cd The 'domain' filter not work well in commands 'project show', 'user show' and 'user set'. Depends-On: I490900d6249f01654d4cba43bddd3e7af7928a84 Closes-Bug: #1704097 Change-Id: Ib4f47cbaba27eb56c4a41d187fee74a995e62dc7 
The 'domain' filter not work well in commands 'project show',
'user show' and 'user set'.

Depends-On: I490900d6249f01654d4cba43bddd3e7af7928a84
Closes-Bug: #1704097
Change-Id: Ib4f47cbaba27eb56c4a41d187fee74a995e62dc7
When creating a trust, send role_ids instead or role_names 2017-06-22T17:08:01+00:00 Kristi Nikolla knikolla@bu.edu 2017-06-16T19:33:46+00:00 da53c2b33457f4f1e93bdda6c0c16172ea36bc78 This changes create a trust to use ids instead of names because of the possibility of roles sharing a name. Even if the user uniquely identified a role by inputting the id, the request sent to the identity service would used the name, therefore the command would fail in the case that two roles share a name. This does not change how trusts are displayed during trust list or trust show, a name will still be shown instead of an id. Depends-On: I38e0ac35946ee6e53128babac3ea759a380572e0 Change-Id: I5bdf89f1e288954a7f5c2704231f270bc7d196f5 Closes-Bug: 1696111 
This changes create a trust to use ids instead of names because of
the possibility of roles sharing a name. Even if the user
uniquely identified a role by inputting the id, the request sent
to the identity service would used the name, therefore the command
would fail in the case that two roles share a name.

This does not change how trusts are displayed during trust list or
trust show, a name will still be shown instead of an id.

Depends-On: I38e0ac35946ee6e53128babac3ea759a380572e0

Change-Id: I5bdf89f1e288954a7f5c2704231f270bc7d196f5
Closes-Bug: 1696111
Use _get_token_resource in role assignment list 2017-05-23T15:16:41+00:00 David Rabel rabel@b1-systems.de 2017-05-15T16:11:37+00:00 0ad6b6b2e0b26ebc93a99730bcc414bf8e091759 If project matches the project from access token, we do not have to send an API request to /projects?name=..., because the project ID is already known. This API request may require additional permissions, so we want to avoid it, if possible. Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e Closes-Bug: #1658189 
If project matches the project from access token,
we do not have to send an API request to /projects?name=...,
because the project ID is already known.
This API request may require additional permissions, so
we want to avoid it, if possible.

Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e
Closes-Bug: #1658189
Support to add/remove multi users for "group add/remove user" 2017-03-21T02:39:42+00:00 Huanxuan Ao huanxuan.ao@easystack.cn 2017-03-17T05:28:49+00:00 ef5a7caf85bd6169701371da67029457abdaf47f Similar delete commands in OSC, we can also support add/remove multi users for one specified group, this review implement it. Change-Id: I8ccf99d4ee83a18778fa3ff5c0a42bc7c6ff21fb Implements: bp support-multi-add-remove 
Similar delete commands in OSC, we can also support add/remove
multi users for one specified group, this review implement it.

Change-Id: I8ccf99d4ee83a18778fa3ff5c0a42bc7c6ff21fb
Implements: bp support-multi-add-remove
Non-Admin can't list own projects 2017-03-20T01:40:56+00:00 adrian-turjak adriant@catalyst.net.nz 2016-09-26T00:06:42+00:00 49f6032b699804b1b0ed56137ab14ba266251157 Due to a default Keystone policy until Newtown, and the use of resource_find, non-admins are unable to list their own projects. This patch bypasses this problem while also introducing better UX for non-admins wishing to get their project list. 'openstack project list' retains the default of 'list all projects' but on a forbidden error will default instead to 'list my projects'. This way for non-admins 'list my projects' feels like the default without breaking the expected admin default. Adding the '--my-projects' option allows admins to easily list their own projects or allows non-admins to be explicit and bypass the forbidden error fallback. Change-Id: I1021276f69fbbf28e13e17c4e567d932fce7ed8b Closes-Bug: #1627555 
Due to a default Keystone policy until Newtown,
and the use of resource_find, non-admins are unable
to list their own projects.

This patch bypasses this problem while also introducing better
UX for non-admins wishing to get their project list.

'openstack project list' retains the default of 'list all projects'
but on a forbidden error will default instead to 'list my projects'.
This way for non-admins 'list my projects' feels like the default
without breaking the expected admin default.

Adding the '--my-projects' option allows admins to easily list their
own projects or allows non-admins to be explicit and bypass the
forbidden error fallback.

Change-Id: I1021276f69fbbf28e13e17c4e567d932fce7ed8b
Closes-Bug: #1627555
Merge "Narrow expected responses for CheckUserInGroup" 2017-03-16T13:02:02+00:00 Jenkins jenkins@review.openstack.org 2017-03-16T13:02:02+00:00 3d4750cdc875049c4332052d3dd46296d5f74319 






Merge "Add sort support to project list"
2017-03-16T13:01:56+00:00

Jenkins
jenkins@review.openstack.org

2017-03-16T13:01:56+00:00

9184e1928843940509ba8f1e4069675454916d9a












Narrow expected responses for CheckUserInGroup
2017-03-14T08:23:19+00:00

Colleen Murphy
comurphy@suse.com

2017-03-14T00:24:31+00:00

853ea5ab59e5d7845d389e46527038575c3c170c

When checking whether a given user is in a given group, keystone will
return a 404 Not Found if all went well but the user was not in the
group. It may also return a 403 if the user and the group are in
different backends, which would also mean that the user was not in the
group[1]. Any other 400 response is a client error and any 500 response
is a server error to which the user should be alerted.

Without this patch, openstackclient treats any exception as a valid "not
found" and may end up hiding server errors. This patch reduces the
caught exceptions to 403 and 404 responses and treats everything else as
an error.

[1] https://developer.openstack.org/api-ref/identity/v3/?expanded=check-whether-user-belongs-to-group-detail#check-whether-user-belongs-to-group

Closes-bug: #1672634

Change-Id: Id3f3b2409b7cee480ee3c19b6d6c3070599ffe8f





When checking whether a given user is in a given group, keystone will
return a 404 Not Found if all went well but the user was not in the
group. It may also return a 403 if the user and the group are in
different backends, which would also mean that the user was not in the
group[1]. Any other 400 response is a client error and any 500 response
is a server error to which the user should be alerted.

Without this patch, openstackclient treats any exception as a valid "not
found" and may end up hiding server errors. This patch reduces the
caught exceptions to 403 and 404 responses and treats everything else as
an error.

[1] https://developer.openstack.org/api-ref/identity/v3/?expanded=check-whether-user-belongs-to-group-detail#check-whether-user-belongs-to-group

Closes-bug: #1672634

Change-Id: Id3f3b2409b7cee480ee3c19b6d6c3070599ffe8f