Worth noting, I have been playing with 3.2.0 and the same problem persists in our deployment which is running a variant of the old default keystone policy.
On 22/09/16 10:34, Adrian Turjak wrote: > That commit doesn't really address the problem in question though. > > The problem is that the OpenStack client assumes the "get user" policy > in Keystone allows you to get your own user, which it didn't until > Newton, and thus a lot of deployments probably are using the default > policy or some variant thereof. Ours is included in this list, and > while I am working on getting our Keystone policy updated to match > that assumption, it makes sense to fix the issue in the > openstackclient for anyone else running into this problem. > > What I'd like to do is one of these two options: > - "openstack user project list", a command which will get your id from > your authed token and used it directly with the keystoneclient as > such: "keystoneclient.projects.list(user='<my_user_id>')" which will > pipe the call correctly to: "/v3/users/{user_id}/projects" > - or update "openstack project list" with a "--auth-user" flag that > ignores all other options and directly filters the project list by > your token's user id. This type of option is already present in the > "role assignment list" command. From a UX standpoint part of me feels > that project list should default to --auth-user if your token doesn't > have admin roles, but I'm not sure how easy that would be to do. > > There may be other commands that fall over due to a unneeded > resource_find call to get user, but I haven't explored those too much > yet. Chances are any non-admin command which can be filtered by user > and does a resource find first we fall over on anything < Newton. > > On 22/09/16 06:31, Steve Martinelli wrote: >> On Wed, Sep 21, 2016 at 1:04 PM, Dolph Mathews >> <dolph.math...@gmail.com <mailto:dolph.math...@gmail.com>> wrote: >> >> >> I should also express a +1 for something along the lines of your >> original proposal. I'd go so far as to suggest that `openstack >> show user` (without a user ID or name as an argument) should >> return "me" (the authenticated user), as I think that'd be a >> better user experience. >> >> >> That should be fixed in openstackclient 3.0.0 >> -- >> https://github.com/openstack/python-openstackclient/commit/337d013c94378a4b3f0e8f90e4f5bd745448658f >> >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev