Merge "Add neutron rbac support"
This commit is contained in:
@@ -20,6 +20,7 @@ Network Resources
|
||||
v2/pool_member
|
||||
v2/port
|
||||
v2/quota
|
||||
v2/rbac_policy
|
||||
v2/router
|
||||
v2/security_group
|
||||
v2/security_group_rule
|
||||
|
12
doc/source/users/resources/network/v2/rbac_policy.rst
Normal file
12
doc/source/users/resources/network/v2/rbac_policy.rst
Normal file
@@ -0,0 +1,12 @@
|
||||
openstack.network.v2.rbac_policy
|
||||
================================
|
||||
|
||||
.. automodule:: openstack.network.v2.rbac_policy
|
||||
|
||||
The RBACPolicy Class
|
||||
--------------------
|
||||
|
||||
The ``RBACPolicy`` class inherits from :class:`~openstack.resource.Resource`.
|
||||
|
||||
.. autoclass:: openstack.network.v2.rbac_policy.RBACPolicy
|
||||
:members:
|
@@ -26,6 +26,7 @@ from openstack.network.v2 import pool as _pool
|
||||
from openstack.network.v2 import pool_member as _pool_member
|
||||
from openstack.network.v2 import port as _port
|
||||
from openstack.network.v2 import quota as _quota
|
||||
from openstack.network.v2 import rbac_policy as _rbac_policy
|
||||
from openstack.network.v2 import router as _router
|
||||
from openstack.network.v2 import security_group as _security_group
|
||||
from openstack.network.v2 import security_group_rule as _security_group_rule
|
||||
@@ -1199,6 +1200,91 @@ class Proxy(proxy.BaseProxy):
|
||||
"""
|
||||
return self._update(_quota.Quota, quota, **attrs)
|
||||
|
||||
def create_rbac_policy(self, **attrs):
|
||||
"""Create a new RBAC policy from attributes
|
||||
|
||||
:param dict attrs: Keyword arguments which will be used to create a
|
||||
:class:`~openstack.network.v2.rbac_policy.RBACPolicy`,
|
||||
comprised of the properties on the RBACPolicy class.
|
||||
|
||||
:return: The results of RBAC policy creation
|
||||
:rtype: :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
|
||||
"""
|
||||
return self._create(_rbac_policy.RBACPolicy, **attrs)
|
||||
|
||||
def delete_rbac_policy(self, rbac_policy, ignore_missing=True):
|
||||
"""Delete a RBAC policy
|
||||
|
||||
:param rbac_policy: The value can be either the ID of a RBAC policy or
|
||||
a :class:`~openstack.network.v2.rbac_policy.RBACPolicy` instance.
|
||||
:param bool ignore_missing: When set to ``False``
|
||||
:class:`~openstack.exceptions.ResourceNotFound` will be
|
||||
raised when the RBAC policy does not exist.
|
||||
When set to ``True``, no exception will be set when
|
||||
attempting to delete a nonexistent RBAC policy.
|
||||
|
||||
:returns: ``None``
|
||||
"""
|
||||
self._delete(_rbac_policy.RBACPolicy, rbac_policy,
|
||||
ignore_missing=ignore_missing)
|
||||
|
||||
def find_rbac_policy(self, id, ignore_missing=True):
|
||||
"""Find a single RBAC policy
|
||||
|
||||
:param id: The ID of a RBAC policy.
|
||||
:param bool ignore_missing: When set to ``False``
|
||||
:class:`~openstack.exceptions.ResourceNotFound` will be
|
||||
raised when the resource does not exist.
|
||||
When set to ``True``, None will be returned when
|
||||
attempting to find a nonexistent resource.
|
||||
:returns: One
|
||||
:class:`~openstack.network.v2.rbac_policy.RBACPolicy` or None
|
||||
"""
|
||||
return self._find(_rbac_policy.RBACPolicy, id,
|
||||
ignore_missing=ignore_missing)
|
||||
|
||||
def get_rbac_policy(self, rbac_policy):
|
||||
"""Get a single RBAC policy
|
||||
|
||||
:param rbac_policy: The value can be the ID of a RBAC policy or a
|
||||
:class:`~openstack.network.v2.rbac_policy.RBACPolicy` instance.
|
||||
|
||||
:returns: One :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
|
||||
:raises: :class:`~openstack.exceptions.ResourceNotFound`
|
||||
when no resource can be found.
|
||||
"""
|
||||
return self._get(_rbac_policy.RBACPolicy, rbac_policy)
|
||||
|
||||
def rbac_policies(self, **query):
|
||||
"""Return a generator of RBAC policies
|
||||
|
||||
:param kwargs \*\*query: Optional query parameters to be sent to limit
|
||||
the resources being returned. Available parameters include:
|
||||
|
||||
* tenant_id: The owner tenant ID.
|
||||
* target_tenant: ID of the tenant to which the RBAC policy
|
||||
will be enforced.
|
||||
* object_type: Type of the object that RBAC policy affects.
|
||||
* action: Action for the RBAC policy.
|
||||
|
||||
:returns: A generator of rbac objects
|
||||
:rtype: :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
|
||||
"""
|
||||
return self._list(_rbac_policy.RBACPolicy, paginated=False, **query)
|
||||
|
||||
def update_rbac_policy(self, rbac_policy, **attrs):
|
||||
"""Update a RBAC policy
|
||||
|
||||
:param rbac_policy: Either the id of a RBAC policy or a
|
||||
:class:`~openstack.network.v2.rbac_policy.RBACPolicy` instance.
|
||||
:attrs kwargs: The attributes to update on the RBAC policy represented
|
||||
by ``value``.
|
||||
|
||||
:returns: The updated RBAC policy
|
||||
:rtype: :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
|
||||
"""
|
||||
return self._update(_rbac_policy.RBACPolicy, rbac_policy, **attrs)
|
||||
|
||||
def create_router(self, **attrs):
|
||||
"""Create a new router from attributes
|
||||
|
||||
|
40
openstack/network/v2/rbac_policy.py
Normal file
40
openstack/network/v2/rbac_policy.py
Normal file
@@ -0,0 +1,40 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from openstack.network import network_service
|
||||
from openstack import resource
|
||||
|
||||
|
||||
class RBACPolicy(resource.Resource):
|
||||
resource_key = 'rbac_policy'
|
||||
resources_key = 'rbac_policies'
|
||||
base_path = '/rbac-policies'
|
||||
service = network_service.NetworkService()
|
||||
|
||||
# capabilities
|
||||
allow_create = True
|
||||
allow_retrieve = True
|
||||
allow_update = True
|
||||
allow_delete = True
|
||||
allow_list = True
|
||||
|
||||
# Properties
|
||||
#: The id of RBAC object.
|
||||
object_id = resource.prop('object_id')
|
||||
#: The ID of the project this RBAC will be enforced.
|
||||
target_project_id = resource.prop('target_tenant')
|
||||
#: The owner project ID.
|
||||
project_id = resource.prop('tenant_id')
|
||||
#: Type of the object that RBAC policy affects.
|
||||
object_type = resource.prop('object_type')
|
||||
#: Action for the RBAC policy.
|
||||
action = resource.prop('action')
|
64
openstack/tests/functional/network/v2/test_rbac_policy.py
Normal file
64
openstack/tests/functional/network/v2/test_rbac_policy.py
Normal file
@@ -0,0 +1,64 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import uuid
|
||||
|
||||
from openstack.network.v2 import network
|
||||
from openstack.network.v2 import rbac_policy
|
||||
from openstack.tests.functional import base
|
||||
|
||||
|
||||
class TestRBACPolicy(base.BaseFunctionalTest):
|
||||
|
||||
NET_NAME = 'net-' + uuid.uuid4().hex
|
||||
UPDATE_NAME = uuid.uuid4().hex
|
||||
ACTION = 'access_as_shared'
|
||||
OBJ_TYPE = 'network'
|
||||
TARGET_TENANT_ID = '*'
|
||||
NET_ID = None
|
||||
ID = None
|
||||
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
super(TestRBACPolicy, cls).setUpClass()
|
||||
net = cls.conn.network.create_network(name=cls.NET_NAME)
|
||||
assert isinstance(net, network.Network)
|
||||
cls.NET_ID = net.id
|
||||
|
||||
sot = cls.conn.network.\
|
||||
create_rbac_policy(action=cls.ACTION,
|
||||
object_type=cls.OBJ_TYPE,
|
||||
target_tenant=cls.TARGET_TENANT_ID,
|
||||
object_id=cls.NET_ID)
|
||||
assert isinstance(sot, rbac_policy.RBACPolicy)
|
||||
cls.ID = sot.id
|
||||
|
||||
@classmethod
|
||||
def tearDownClass(cls):
|
||||
sot = cls.conn.network.delete_rbac_policy(cls.ID,
|
||||
ignore_missing=False)
|
||||
cls.assertIs(None, sot)
|
||||
sot = cls.conn.network.delete_network(cls.NET_ID,
|
||||
ignore_missing=False)
|
||||
cls.assertIs(None, sot)
|
||||
|
||||
def test_find(self):
|
||||
sot = self.conn.network.find_rbac_policy(self.ID)
|
||||
self.assertEqual(self.ID, sot.id)
|
||||
|
||||
def test_get(self):
|
||||
sot = self.conn.network.get_rbac_policy(self.ID)
|
||||
self.assertEqual(self.ID, sot.id)
|
||||
|
||||
def test_list(self):
|
||||
ids = [o.id for o in self.conn.network.rbac_policies()]
|
||||
self.assertIn(self.ID, ids)
|
@@ -29,6 +29,7 @@ from openstack.network.v2 import pool
|
||||
from openstack.network.v2 import pool_member
|
||||
from openstack.network.v2 import port
|
||||
from openstack.network.v2 import quota
|
||||
from openstack.network.v2 import rbac_policy
|
||||
from openstack.network.v2 import router
|
||||
from openstack.network.v2 import security_group
|
||||
from openstack.network.v2 import security_group_rule
|
||||
@@ -396,6 +397,32 @@ class TestNetworkProxy(test_proxy_base.TestProxyBase):
|
||||
def test_quota_update(self):
|
||||
self.verify_update(self.proxy.update_quota, quota.Quota)
|
||||
|
||||
def test_rbac_policy_create_attrs(self):
|
||||
self.verify_create(self.proxy.create_rbac_policy,
|
||||
rbac_policy.RBACPolicy)
|
||||
|
||||
def test_rbac_policy_delete(self):
|
||||
self.verify_delete(self.proxy.delete_rbac_policy,
|
||||
rbac_policy.RBACPolicy, False)
|
||||
|
||||
def test_rbac_policy_delete_ignore(self):
|
||||
self.verify_delete(self.proxy.delete_rbac_policy,
|
||||
rbac_policy.RBACPolicy, True)
|
||||
|
||||
def test_rbac_policy_find(self):
|
||||
self.verify_find(self.proxy.find_rbac_policy, rbac_policy.RBACPolicy)
|
||||
|
||||
def test_rbac_policy_get(self):
|
||||
self.verify_get(self.proxy.get_rbac_policy, rbac_policy.RBACPolicy)
|
||||
|
||||
def test_rbac_policies(self):
|
||||
self.verify_list(self.proxy.rbac_policies,
|
||||
rbac_policy.RBACPolicy, paginated=False)
|
||||
|
||||
def test_rbac_policy_update(self):
|
||||
self.verify_update(self.proxy.update_rbac_policy,
|
||||
rbac_policy.RBACPolicy)
|
||||
|
||||
def test_router_create_attrs(self):
|
||||
self.verify_create(self.proxy.create_router, router.Router)
|
||||
|
||||
|
48
openstack/tests/unit/network/v2/test_rbac_policy.py
Normal file
48
openstack/tests/unit/network/v2/test_rbac_policy.py
Normal file
@@ -0,0 +1,48 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import testtools
|
||||
|
||||
from openstack.network.v2 import rbac_policy
|
||||
|
||||
IDENTIFIER = 'IDENTIFIER'
|
||||
EXAMPLE = {
|
||||
'object_id': IDENTIFIER,
|
||||
'tenant_id': '5',
|
||||
'object_type': 'network',
|
||||
'action': 'access_as_shared',
|
||||
'target_tenant': '10',
|
||||
}
|
||||
|
||||
|
||||
class TestRBACPolicy(testtools.TestCase):
|
||||
|
||||
def test_basic(self):
|
||||
sot = rbac_policy.RBACPolicy()
|
||||
self.assertEqual('rbac_policy', sot.resource_key)
|
||||
self.assertEqual('rbac_policies', sot.resources_key)
|
||||
self.assertEqual('/rbac-policies', sot.base_path)
|
||||
self.assertEqual('network', sot.service.service_type)
|
||||
self.assertTrue(sot.allow_create)
|
||||
self.assertTrue(sot.allow_retrieve)
|
||||
self.assertTrue(sot.allow_update)
|
||||
self.assertTrue(sot.allow_delete)
|
||||
self.assertTrue(sot.allow_list)
|
||||
|
||||
def test_make_it(self):
|
||||
sot = rbac_policy.RBACPolicy(EXAMPLE)
|
||||
self.assertEqual(EXAMPLE['object_id'],
|
||||
sot.object_id)
|
||||
self.assertEqual(EXAMPLE['tenant_id'], sot.project_id)
|
||||
self.assertEqual(EXAMPLE['object_type'], sot.object_type)
|
||||
self.assertEqual(EXAMPLE['action'], sot.action)
|
||||
self.assertEqual(EXAMPLE['target_tenant'], sot.target_project_id)
|
Reference in New Issue
Block a user