From fac321458166cccffc0eb1d13a986a01c9e6d33e Mon Sep 17 00:00:00 2001 From: Huanxuan Ao Date: Tue, 2 Aug 2016 19:30:25 +0800 Subject: [PATCH] Implement "network rbac set" command Add "network rbac set" command which just supports setting a target project. Also, This patch adds the doc, unit test and functional test. But there is a bug of showing network RBAC https://bugs.launchpad.net/python-openstacksdk/+bug/1608903 We need to skip the functional test before this bug fixed. Change-Id: I756f448bb333cf1098a735e57a1c5dc4edf195d4 Partially-Implements: blueprint neutron-client-rbac --- doc/source/command-objects/network-rbac.rst | 26 +++++++++ .../tests/network/v2/test_network_rbac.py | 29 ++++++++-- openstackclient/network/v2/network_rbac.py | 41 ++++++++++++++ .../tests/network/v2/test_network_rbac.py | 56 +++++++++++++++++++ ...-neutron-client-rbac-bbd7b545b50d2bdf.yaml | 4 +- setup.cfg | 1 + 6 files changed, 151 insertions(+), 6 deletions(-) diff --git a/doc/source/command-objects/network-rbac.rst b/doc/source/command-objects/network-rbac.rst index ff929491ca..8acf097964 100644 --- a/doc/source/command-objects/network-rbac.rst +++ b/doc/source/command-objects/network-rbac.rst @@ -80,6 +80,32 @@ List network RBAC policies os network rbac list +network rbac set +---------------- + +Set network RBAC policy properties + +.. program:: network rbac set +.. code:: bash + + os network rbac set + [--target-project [--target-project-domain ]] + + +.. option:: --target-project + + The project to which the RBAC policy will be enforced (name or ID) + +.. option:: --target-project-domain + + Domain the target project belongs to (name or ID). + This can be used in case collisions between project names exist. + +.. _network_rbac_set-rbac-policy: +.. describe:: + + RBAC policy to be modified (ID only) + network rbac show ----------------- diff --git a/functional/tests/network/v2/test_network_rbac.py b/functional/tests/network/v2/test_network_rbac.py index 5d8cc1cc49..e7e358583d 100644 --- a/functional/tests/network/v2/test_network_rbac.py +++ b/functional/tests/network/v2/test_network_rbac.py @@ -12,12 +12,15 @@ import uuid +import testtools + from functional.common import test class NetworkRBACTests(test.TestCase): """Functional tests for network rbac. """ NET_NAME = uuid.uuid4().hex + PROJECT_NAME = uuid.uuid4().hex OBJECT_ID = None ID = None HEADERS = ['ID'] @@ -39,10 +42,10 @@ class NetworkRBACTests(test.TestCase): @classmethod def tearDownClass(cls): - raw_output = cls.openstack('network rbac delete ' + cls.ID) - cls.assertOutput('', raw_output) - raw_output = cls.openstack('network delete ' + cls.OBJECT_ID) - cls.assertOutput('', raw_output) + raw_output_rbac = cls.openstack('network rbac delete ' + cls.ID) + raw_output_network = cls.openstack('network delete ' + cls.OBJECT_ID) + cls.assertOutput('', raw_output_rbac) + cls.assertOutput('', raw_output_network) def test_network_rbac_list(self): opts = self.get_opts(self.HEADERS) @@ -53,3 +56,21 @@ class NetworkRBACTests(test.TestCase): opts = self.get_opts(self.FIELDS) raw_output = self.openstack('network rbac show ' + self.ID + opts) self.assertEqual(self.ID + "\n", raw_output) + + # TODO(Huanxuan Ao): This test can pass after bug + # https://bugs.launchpad.net/python-openstackclient/+bug/1608903 fixed. + @testtools.skip( + 'Skip because of the bug ' + 'https://bugs.launchpad.net/python-openstackclient/+bug/1608903') + def test_network_rbac_set(self): + opts = self.get_opts(self.FIELDS) + project_id = self.openstack( + 'project create ' + self.PROJECT_NAME + opts) + self.openstack('network rbac set ' + self.ID + + ' --target-project ' + self.PROJECT_NAME) + opts = self.get_opts(['target_project']) + raw_output_rbac = self.openstack('network rbac show ' + self.ID + opts) + raw_output_project = self.openstack( + 'project delete ' + self.PROJECT_NAME) + self.assertEqual(project_id, raw_output_rbac) + self.assertOutput('', raw_output_project) diff --git a/openstackclient/network/v2/network_rbac.py b/openstackclient/network/v2/network_rbac.py index 62968376df..f4dfd4e734 100644 --- a/openstackclient/network/v2/network_rbac.py +++ b/openstackclient/network/v2/network_rbac.py @@ -186,6 +186,47 @@ class ListNetworkRBAC(command.Lister): ) for s in data)) +class SetNetworkRBAC(command.Command): + """Set network RBAC policy properties""" + + def get_parser(self, prog_name): + parser = super(SetNetworkRBAC, self).get_parser(prog_name) + parser.add_argument( + 'rbac_policy', + metavar="", + help=_("RBAC policy to be modified (ID only)") + ) + parser.add_argument( + '--target-project', + metavar="", + help=_('The project to which the RBAC policy ' + 'will be enforced (name or ID)') + ) + parser.add_argument( + '--target-project-domain', + metavar='', + help=_('Domain the target project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.'), + ) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.network + obj = client.find_rbac_policy(parsed_args.rbac_policy, + ignore_missing=False) + attrs = {} + if parsed_args.target_project: + identity_client = self.app.client_manager.identity + project_id = identity_common.find_project( + identity_client, + parsed_args.target_project, + parsed_args.target_project_domain, + ).id + attrs['target_tenant'] = project_id + client.update_rbac_policy(obj, **attrs) + + class ShowNetworkRBAC(command.ShowOne): """Display network RBAC policy details""" diff --git a/openstackclient/tests/network/v2/test_network_rbac.py b/openstackclient/tests/network/v2/test_network_rbac.py index 5d6e9cfa0b..6255ada706 100644 --- a/openstackclient/tests/network/v2/test_network_rbac.py +++ b/openstackclient/tests/network/v2/test_network_rbac.py @@ -317,6 +317,62 @@ class TestListNetworkRABC(TestNetworkRBAC): self.assertEqual(self.data, list(data)) +class TestSetNetworkRBAC(TestNetworkRBAC): + + project = identity_fakes_v3.FakeProject.create_one_project() + rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac( + attrs={'target_tenant': project.id}) + + def setUp(self): + super(TestSetNetworkRBAC, self).setUp() + + # Get the command object to test + self.cmd = network_rbac.SetNetworkRBAC(self.app, self.namespace) + + self.network.find_rbac_policy = mock.Mock( + return_value=self.rbac_policy) + self.network.update_rbac_policy = mock.Mock(return_value=None) + self.projects_mock.get.return_value = self.project + + def test_network_rbac_set_nothing(self): + arglist = [ + self.rbac_policy.id, + ] + verifylist = [ + ('rbac_policy', self.rbac_policy.id), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + result = self.cmd.take_action(parsed_args) + self.network.find_rbac_policy.assert_called_once_with( + self.rbac_policy.id, ignore_missing=False + ) + attrs = {} + self.network.update_rbac_policy.assert_called_once_with( + self.rbac_policy, **attrs) + self.assertIsNone(result) + + def test_network_rbac_set(self): + arglist = [ + '--target-project', self.project.id, + self.rbac_policy.id, + ] + verifylist = [ + ('target_project', self.project.id), + ('rbac_policy', self.rbac_policy.id), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + result = self.cmd.take_action(parsed_args) + self.network.find_rbac_policy.assert_called_once_with( + self.rbac_policy.id, ignore_missing=False + ) + attrs = {'target_tenant': self.project.id} + self.network.update_rbac_policy.assert_called_once_with( + self.rbac_policy, **attrs) + self.assertIsNone(result) + + class TestShowNetworkRBAC(TestNetworkRBAC): rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac() diff --git a/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml b/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml index 7a00e587a0..eef92c93bd 100644 --- a/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml +++ b/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml @@ -1,5 +1,5 @@ --- features: - - Add ``network rbac list``, ``network rbac show``, ``network rbac create`` - and ``network rbac delete`` commands. + - Add ``network rbac list``, ``network rbac show``, ``network rbac create``, + ``network rbac delete`` and ``network rbac set`` commands. [Blueprint `neutron-client-rbac `_] diff --git a/setup.cfg b/setup.cfg index c0bb221936..fa2067a7ce 100644 --- a/setup.cfg +++ b/setup.cfg @@ -364,6 +364,7 @@ openstack.network.v2 = network_rbac_create = openstackclient.network.v2.network_rbac:CreateNetworkRBAC network_rbac_delete = openstackclient.network.v2.network_rbac:DeleteNetworkRBAC network_rbac_list = openstackclient.network.v2.network_rbac:ListNetworkRBAC + network_rbac_set = openstackclient.network.v2.network_rbac:SetNetworkRBAC network_rbac_show = openstackclient.network.v2.network_rbac:ShowNetworkRBAC network_segment_list = openstackclient.network.v2.network_segment:ListNetworkSegment