Implement "network rbac set" command
Add "network rbac set" command which just supports setting a target project. Also, This patch adds the doc, unit test and functional test. But there is a bug of showing network RBAC https://bugs.launchpad.net/python-openstacksdk/+bug/1608903 We need to skip the functional test before this bug fixed. Change-Id: I756f448bb333cf1098a735e57a1c5dc4edf195d4 Partially-Implements: blueprint neutron-client-rbac
This commit is contained in:
parent
2a1c2b2275
commit
fac3214581
@ -80,6 +80,32 @@ List network RBAC policies
|
|||||||
|
|
||||||
os network rbac list
|
os network rbac list
|
||||||
|
|
||||||
|
network rbac set
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Set network RBAC policy properties
|
||||||
|
|
||||||
|
.. program:: network rbac set
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
os network rbac set
|
||||||
|
[--target-project <target-project> [--target-project-domain <target-project-domain>]]
|
||||||
|
<rbac-policy>
|
||||||
|
|
||||||
|
.. option:: --target-project <target-project>
|
||||||
|
|
||||||
|
The project to which the RBAC policy will be enforced (name or ID)
|
||||||
|
|
||||||
|
.. option:: --target-project-domain <target-project-domain>
|
||||||
|
|
||||||
|
Domain the target project belongs to (name or ID).
|
||||||
|
This can be used in case collisions between project names exist.
|
||||||
|
|
||||||
|
.. _network_rbac_set-rbac-policy:
|
||||||
|
.. describe:: <rbac-policy>
|
||||||
|
|
||||||
|
RBAC policy to be modified (ID only)
|
||||||
|
|
||||||
network rbac show
|
network rbac show
|
||||||
-----------------
|
-----------------
|
||||||
|
|
||||||
|
@ -12,12 +12,15 @@
|
|||||||
|
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
|
import testtools
|
||||||
|
|
||||||
from functional.common import test
|
from functional.common import test
|
||||||
|
|
||||||
|
|
||||||
class NetworkRBACTests(test.TestCase):
|
class NetworkRBACTests(test.TestCase):
|
||||||
"""Functional tests for network rbac. """
|
"""Functional tests for network rbac. """
|
||||||
NET_NAME = uuid.uuid4().hex
|
NET_NAME = uuid.uuid4().hex
|
||||||
|
PROJECT_NAME = uuid.uuid4().hex
|
||||||
OBJECT_ID = None
|
OBJECT_ID = None
|
||||||
ID = None
|
ID = None
|
||||||
HEADERS = ['ID']
|
HEADERS = ['ID']
|
||||||
@ -39,10 +42,10 @@ class NetworkRBACTests(test.TestCase):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def tearDownClass(cls):
|
def tearDownClass(cls):
|
||||||
raw_output = cls.openstack('network rbac delete ' + cls.ID)
|
raw_output_rbac = cls.openstack('network rbac delete ' + cls.ID)
|
||||||
cls.assertOutput('', raw_output)
|
raw_output_network = cls.openstack('network delete ' + cls.OBJECT_ID)
|
||||||
raw_output = cls.openstack('network delete ' + cls.OBJECT_ID)
|
cls.assertOutput('', raw_output_rbac)
|
||||||
cls.assertOutput('', raw_output)
|
cls.assertOutput('', raw_output_network)
|
||||||
|
|
||||||
def test_network_rbac_list(self):
|
def test_network_rbac_list(self):
|
||||||
opts = self.get_opts(self.HEADERS)
|
opts = self.get_opts(self.HEADERS)
|
||||||
@ -53,3 +56,21 @@ class NetworkRBACTests(test.TestCase):
|
|||||||
opts = self.get_opts(self.FIELDS)
|
opts = self.get_opts(self.FIELDS)
|
||||||
raw_output = self.openstack('network rbac show ' + self.ID + opts)
|
raw_output = self.openstack('network rbac show ' + self.ID + opts)
|
||||||
self.assertEqual(self.ID + "\n", raw_output)
|
self.assertEqual(self.ID + "\n", raw_output)
|
||||||
|
|
||||||
|
# TODO(Huanxuan Ao): This test can pass after bug
|
||||||
|
# https://bugs.launchpad.net/python-openstackclient/+bug/1608903 fixed.
|
||||||
|
@testtools.skip(
|
||||||
|
'Skip because of the bug '
|
||||||
|
'https://bugs.launchpad.net/python-openstackclient/+bug/1608903')
|
||||||
|
def test_network_rbac_set(self):
|
||||||
|
opts = self.get_opts(self.FIELDS)
|
||||||
|
project_id = self.openstack(
|
||||||
|
'project create ' + self.PROJECT_NAME + opts)
|
||||||
|
self.openstack('network rbac set ' + self.ID +
|
||||||
|
' --target-project ' + self.PROJECT_NAME)
|
||||||
|
opts = self.get_opts(['target_project'])
|
||||||
|
raw_output_rbac = self.openstack('network rbac show ' + self.ID + opts)
|
||||||
|
raw_output_project = self.openstack(
|
||||||
|
'project delete ' + self.PROJECT_NAME)
|
||||||
|
self.assertEqual(project_id, raw_output_rbac)
|
||||||
|
self.assertOutput('', raw_output_project)
|
||||||
|
@ -186,6 +186,47 @@ class ListNetworkRBAC(command.Lister):
|
|||||||
) for s in data))
|
) for s in data))
|
||||||
|
|
||||||
|
|
||||||
|
class SetNetworkRBAC(command.Command):
|
||||||
|
"""Set network RBAC policy properties"""
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(SetNetworkRBAC, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'rbac_policy',
|
||||||
|
metavar="<rbac-policy>",
|
||||||
|
help=_("RBAC policy to be modified (ID only)")
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--target-project',
|
||||||
|
metavar="<target-project>",
|
||||||
|
help=_('The project to which the RBAC policy '
|
||||||
|
'will be enforced (name or ID)')
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--target-project-domain',
|
||||||
|
metavar='<target-project-domain>',
|
||||||
|
help=_('Domain the target project belongs to (name or ID). '
|
||||||
|
'This can be used in case collisions between project names '
|
||||||
|
'exist.'),
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
client = self.app.client_manager.network
|
||||||
|
obj = client.find_rbac_policy(parsed_args.rbac_policy,
|
||||||
|
ignore_missing=False)
|
||||||
|
attrs = {}
|
||||||
|
if parsed_args.target_project:
|
||||||
|
identity_client = self.app.client_manager.identity
|
||||||
|
project_id = identity_common.find_project(
|
||||||
|
identity_client,
|
||||||
|
parsed_args.target_project,
|
||||||
|
parsed_args.target_project_domain,
|
||||||
|
).id
|
||||||
|
attrs['target_tenant'] = project_id
|
||||||
|
client.update_rbac_policy(obj, **attrs)
|
||||||
|
|
||||||
|
|
||||||
class ShowNetworkRBAC(command.ShowOne):
|
class ShowNetworkRBAC(command.ShowOne):
|
||||||
"""Display network RBAC policy details"""
|
"""Display network RBAC policy details"""
|
||||||
|
|
||||||
|
@ -317,6 +317,62 @@ class TestListNetworkRABC(TestNetworkRBAC):
|
|||||||
self.assertEqual(self.data, list(data))
|
self.assertEqual(self.data, list(data))
|
||||||
|
|
||||||
|
|
||||||
|
class TestSetNetworkRBAC(TestNetworkRBAC):
|
||||||
|
|
||||||
|
project = identity_fakes_v3.FakeProject.create_one_project()
|
||||||
|
rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac(
|
||||||
|
attrs={'target_tenant': project.id})
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(TestSetNetworkRBAC, self).setUp()
|
||||||
|
|
||||||
|
# Get the command object to test
|
||||||
|
self.cmd = network_rbac.SetNetworkRBAC(self.app, self.namespace)
|
||||||
|
|
||||||
|
self.network.find_rbac_policy = mock.Mock(
|
||||||
|
return_value=self.rbac_policy)
|
||||||
|
self.network.update_rbac_policy = mock.Mock(return_value=None)
|
||||||
|
self.projects_mock.get.return_value = self.project
|
||||||
|
|
||||||
|
def test_network_rbac_set_nothing(self):
|
||||||
|
arglist = [
|
||||||
|
self.rbac_policy.id,
|
||||||
|
]
|
||||||
|
verifylist = [
|
||||||
|
('rbac_policy', self.rbac_policy.id),
|
||||||
|
]
|
||||||
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
result = self.cmd.take_action(parsed_args)
|
||||||
|
self.network.find_rbac_policy.assert_called_once_with(
|
||||||
|
self.rbac_policy.id, ignore_missing=False
|
||||||
|
)
|
||||||
|
attrs = {}
|
||||||
|
self.network.update_rbac_policy.assert_called_once_with(
|
||||||
|
self.rbac_policy, **attrs)
|
||||||
|
self.assertIsNone(result)
|
||||||
|
|
||||||
|
def test_network_rbac_set(self):
|
||||||
|
arglist = [
|
||||||
|
'--target-project', self.project.id,
|
||||||
|
self.rbac_policy.id,
|
||||||
|
]
|
||||||
|
verifylist = [
|
||||||
|
('target_project', self.project.id),
|
||||||
|
('rbac_policy', self.rbac_policy.id),
|
||||||
|
]
|
||||||
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
result = self.cmd.take_action(parsed_args)
|
||||||
|
self.network.find_rbac_policy.assert_called_once_with(
|
||||||
|
self.rbac_policy.id, ignore_missing=False
|
||||||
|
)
|
||||||
|
attrs = {'target_tenant': self.project.id}
|
||||||
|
self.network.update_rbac_policy.assert_called_once_with(
|
||||||
|
self.rbac_policy, **attrs)
|
||||||
|
self.assertIsNone(result)
|
||||||
|
|
||||||
|
|
||||||
class TestShowNetworkRBAC(TestNetworkRBAC):
|
class TestShowNetworkRBAC(TestNetworkRBAC):
|
||||||
|
|
||||||
rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac()
|
rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac()
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
features:
|
features:
|
||||||
- Add ``network rbac list``, ``network rbac show``, ``network rbac create``
|
- Add ``network rbac list``, ``network rbac show``, ``network rbac create``,
|
||||||
and ``network rbac delete`` commands.
|
``network rbac delete`` and ``network rbac set`` commands.
|
||||||
[Blueprint `neutron-client-rbac <https://blueprints.launchpad.net/python-openstackclient/+spec/neutron-client-rbac>`_]
|
[Blueprint `neutron-client-rbac <https://blueprints.launchpad.net/python-openstackclient/+spec/neutron-client-rbac>`_]
|
||||||
|
@ -364,6 +364,7 @@ openstack.network.v2 =
|
|||||||
network_rbac_create = openstackclient.network.v2.network_rbac:CreateNetworkRBAC
|
network_rbac_create = openstackclient.network.v2.network_rbac:CreateNetworkRBAC
|
||||||
network_rbac_delete = openstackclient.network.v2.network_rbac:DeleteNetworkRBAC
|
network_rbac_delete = openstackclient.network.v2.network_rbac:DeleteNetworkRBAC
|
||||||
network_rbac_list = openstackclient.network.v2.network_rbac:ListNetworkRBAC
|
network_rbac_list = openstackclient.network.v2.network_rbac:ListNetworkRBAC
|
||||||
|
network_rbac_set = openstackclient.network.v2.network_rbac:SetNetworkRBAC
|
||||||
network_rbac_show = openstackclient.network.v2.network_rbac:ShowNetworkRBAC
|
network_rbac_show = openstackclient.network.v2.network_rbac:ShowNetworkRBAC
|
||||||
|
|
||||||
network_segment_list = openstackclient.network.v2.network_segment:ListNetworkSegment
|
network_segment_list = openstackclient.network.v2.network_segment:ListNetworkSegment
|
||||||
|
Loading…
x
Reference in New Issue
Block a user