diff options
| author | Peter Stachowski <peter@tesora.com> | 2016-07-28 15:57:59 +0000 |
|---|---|---|
| committer | Peter Stachowski <peter@tesora.com> | 2016-12-22 08:08:16 -0800 |
| commit | fb4064d39e5268af2c28a21087c07aa5d2d9956e (patch) | |
| tree | e37c796d4d4cd66388c81d574eefdbd5302a65a4 | |
| parent | 857f2496ff41b798cad51caa424c1cbf4ed8d78c (diff) | |
| download | python-troveclient-fb4064d39e5268af2c28a21087c07aa5d2d9956e.tar.gz | |
Fix module-list
Under a keystone V3 scenario, the CLI command for
module-list will fail as it tried to determine whether
to display the 'visible' and 'tenant' fields (which only
make sense to show to an admin).
Keystone V3 stores the role information (used to find
out if the user has admin access) in a different
place than V2. This fix uses a keystoneauth1 property
to have the value determined correctly internally,
so trove doesn't have to worry about it.
The logic was also moved to the utils module to
faciliate reuse.
Closes-Bug: #1622019
Change-Id: I6dbc3660b507017f85d06bde2903f4d2334fea35
| -rw-r--r-- | releasenotes/notes/fix_admin_keystoneauth1-ed534462434.yaml | 5 | ||||
| -rw-r--r-- | troveclient/utils.py | 11 | ||||
| -rw-r--r-- | troveclient/v1/shell.py | 14 |
3 files changed, 17 insertions, 13 deletions
diff --git a/releasenotes/notes/fix_admin_keystoneauth1-ed534462434.yaml b/releasenotes/notes/fix_admin_keystoneauth1-ed534462434.yaml new file mode 100644 index 0000000..2bbb657 --- /dev/null +++ b/releasenotes/notes/fix_admin_keystoneauth1-ed534462434.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Having the CLI command display non-redundant information + for module-list when invoked with admin privileges now + works with both keystone V2 and V3. Bug 1622019 diff --git a/troveclient/utils.py b/troveclient/utils.py index 9fb12b1..6121656 100644 --- a/troveclient/utils.py +++ b/troveclient/utils.py @@ -246,6 +246,17 @@ def find_resource(manager, name_or_id): raise exceptions.CommandError(msg) +def is_admin(cs): + is_admin = False + try: + is_admin = 'admin' in cs.client.auth.auth_ref.role_names + except Exception: + print("Warning: Could not determine current role. Assuming non-admin") + pass + + return is_admin + + class HookableMixin(object): """Mixin so classes can register and run hooks.""" _hooks_map = {} diff --git a/troveclient/v1/shell.py b/troveclient/v1/shell.py index 86eae0e..08d1aed 100644 --- a/troveclient/v1/shell.py +++ b/troveclient/v1/shell.py @@ -1736,19 +1736,7 @@ def do_module_list(cs, args): 'datastore_version', 'auto_apply', 'priority_apply', 'apply_order', 'is_admin', 'tenant', 'visible'] - is_admin = False - try: - try: - roles = cs.client.auth.auth_ref['user']['roles'] - except TypeError: - roles = cs.client.auth.auth_ref._data['access']['user']['roles'] - role_names = [role['name'] for role in roles] - is_admin = 'admin' in role_names - except TypeError: - pass - except AttributeError: - pass - if not is_admin: + if not utils.is_admin(cs): field_list = field_list[:-2] utils.print_list( module_list, field_list, |