joyent/node-triton#120 Ensure 'triton inst ls' only requires ListMachines RBAC access
This commit is contained in:
Trent Mick
parent
fabe0a0841
commit
0932365d46
@ -7,6 +7,11 @@ Known issues:
|
|||||||
|
|
||||||
## 4.13.0 (not yet released)
|
## 4.13.0 (not yet released)
|
||||||
|
|
||||||
|
- [#120] Don't fail `triton instance list` if the retrieval of *image* info
|
||||||
|
(retrieved to get image name and version, as a bonus) fails with an
|
||||||
|
authorization error -- in case it is an RBAC failure where a subuser can
|
||||||
|
ListMachines, but not ListImages.
|
||||||
|
|
||||||
- [#113] *Usage* errors now some "error help", including option or command
|
- [#113] *Usage* errors now some "error help", including option or command
|
||||||
synopses. Some examples (the new thing is marked with `>`):
|
synopses. Some examples (the new thing is marked with `>`):
|
||||||
|
|
||||||
|
|||||||
5
TODO.txt
5
TODO.txt
@ -1,3 +1,8 @@
|
|||||||
|
- The 'shortcut' commands use `handlerFromSubcmd(...).dispatch`. That
|
||||||
|
doesn't run the subcmd class's `.init()` method. node-cmdln should provide
|
||||||
|
a way to do this. ... basically want to call the *main()* but with preparsed
|
||||||
|
options. Perhaps the init/fini should move into dispatch?
|
||||||
|
|
||||||
triton create affinity support for tag matching, globs, regex
|
triton create affinity support for tag matching, globs, regex
|
||||||
|
|
||||||
note in README that full UUIDs is much faster in the API
|
note in README that full UUIDs is much faster in the API
|
||||||
|
|||||||
@ -47,6 +47,7 @@ function do_list(subcmd, opts, args, callback) {
|
|||||||
this.do_help('help', {}, [subcmd], callback);
|
this.do_help('help', {}, [subcmd], callback);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
var log = self.top.log;
|
||||||
|
|
||||||
var columns = columnsDefault;
|
var columns = columnsDefault;
|
||||||
if (opts.o) {
|
if (opts.o) {
|
||||||
@ -70,7 +71,7 @@ function do_list(subcmd, opts, args, callback) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
var imgs;
|
var imgs = [];
|
||||||
var insts;
|
var insts;
|
||||||
|
|
||||||
vasync.parallel({funcs: [
|
vasync.parallel({funcs: [
|
||||||
@ -78,7 +79,18 @@ function do_list(subcmd, opts, args, callback) {
|
|||||||
self.top.tritonapi.listImages({useCache: true},
|
self.top.tritonapi.listImages({useCache: true},
|
||||||
function (err, _imgs) {
|
function (err, _imgs) {
|
||||||
if (err) {
|
if (err) {
|
||||||
|
if (err.statusCode === 403) {
|
||||||
|
/*
|
||||||
|
* This could be a authorization error due to RBAC
|
||||||
|
* on a subuser. We don't want to fail `triton inst ls`
|
||||||
|
* if the subuser can ListMachines, but not ListImages.
|
||||||
|
*/
|
||||||
|
log.debug(err,
|
||||||
|
'authz error listing images for insts info');
|
||||||
|
next();
|
||||||
|
} else {
|
||||||
next(err);
|
next(err);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
imgs = _imgs;
|
imgs = _imgs;
|
||||||
next();
|
next();
|
||||||
|
|||||||
Reference in New Issue
Block a user