joyent/node-triton#120 Ensure 'triton inst ls' only requires ListMachines RBAC access

This commit is contained in:
Trent Mick 2016-06-08 14:44:46 -07:00
parent fabe0a0841
commit 0932365d46
3 changed files with 24 additions and 2 deletions

View File

@ -7,6 +7,11 @@ Known issues:
## 4.13.0 (not yet released)
- [#120] Don't fail `triton instance list` if the retrieval of *image* info
(retrieved to get image name and version, as a bonus) fails with an
authorization error -- in case it is an RBAC failure where a subuser can
ListMachines, but not ListImages.
- [#113] *Usage* errors now some "error help", including option or command
synopses. Some examples (the new thing is marked with `>`):

View File

@ -1,3 +1,8 @@
- The 'shortcut' commands use `handlerFromSubcmd(...).dispatch`. That
doesn't run the subcmd class's `.init()` method. node-cmdln should provide
a way to do this. ... basically want to call the *main()* but with preparsed
options. Perhaps the init/fini should move into dispatch?
triton create affinity support for tag matching, globs, regex
note in README that full UUIDs is much faster in the API

View File

@ -47,6 +47,7 @@ function do_list(subcmd, opts, args, callback) {
this.do_help('help', {}, [subcmd], callback);
return;
}
var log = self.top.log;
var columns = columnsDefault;
if (opts.o) {
@ -70,7 +71,7 @@ function do_list(subcmd, opts, args, callback) {
}
var imgs;
var imgs = [];
var insts;
vasync.parallel({funcs: [
@ -78,7 +79,18 @@ function do_list(subcmd, opts, args, callback) {
self.top.tritonapi.listImages({useCache: true},
function (err, _imgs) {
if (err) {
next(err);
if (err.statusCode === 403) {
/*
* This could be a authorization error due to RBAC
* on a subuser. We don't want to fail `triton inst ls`
* if the subuser can ListMachines, but not ListImages.
*/
log.debug(err,
'authz error listing images for insts info');
next();
} else {
next(err);
}
} else {
imgs = _imgs;
next();