Browse Source

joyent/node-triton#120 Ensure 'triton inst ls' only requires ListMachines RBAC access

tags/4.13.0
Trent Mick 3 years ago
parent
commit
0932365d46
3 changed files with 24 additions and 2 deletions
  1. 5
    0
      CHANGES.md
  2. 5
    0
      TODO.txt
  3. 14
    2
      lib/do_instance/do_list.js

+ 5
- 0
CHANGES.md View File

@@ -7,6 +7,11 @@ Known issues:

## 4.13.0 (not yet released)

- [#120] Don't fail `triton instance list` if the retrieval of *image* info
(retrieved to get image name and version, as a bonus) fails with an
authorization error -- in case it is an RBAC failure where a subuser can
ListMachines, but not ListImages.

- [#113] *Usage* errors now some "error help", including option or command
synopses. Some examples (the new thing is marked with `>`):


+ 5
- 0
TODO.txt View File

@@ -1,3 +1,8 @@
- The 'shortcut' commands use `handlerFromSubcmd(...).dispatch`. That
doesn't run the subcmd class's `.init()` method. node-cmdln should provide
a way to do this. ... basically want to call the *main()* but with preparsed
options. Perhaps the init/fini should move into dispatch?

triton create affinity support for tag matching, globs, regex

note in README that full UUIDs is much faster in the API

+ 14
- 2
lib/do_instance/do_list.js View File

@@ -47,6 +47,7 @@ function do_list(subcmd, opts, args, callback) {
this.do_help('help', {}, [subcmd], callback);
return;
}
var log = self.top.log;

var columns = columnsDefault;
if (opts.o) {
@@ -70,7 +71,7 @@ function do_list(subcmd, opts, args, callback) {
}


var imgs;
var imgs = [];
var insts;

vasync.parallel({funcs: [
@@ -78,7 +79,18 @@ function do_list(subcmd, opts, args, callback) {
self.top.tritonapi.listImages({useCache: true},
function (err, _imgs) {
if (err) {
next(err);
if (err.statusCode === 403) {
/*
* This could be a authorization error due to RBAC
* on a subuser. We don't want to fail `triton inst ls`
* if the subuser can ListMachines, but not ListImages.
*/
log.debug(err,
'authz error listing images for insts info');
next();
} else {
next(err);
}
} else {
imgs = _imgs;
next();

Loading…
Cancel
Save