Merge "Add neutron rbac support"

This commit is contained in:
Jenkins
2016-06-29 14:40:39 +00:00
committed by Gerrit Code Review
7 changed files with 278 additions and 0 deletions

View File

@@ -20,6 +20,7 @@ Network Resources
v2/pool_member
v2/port
v2/quota
v2/rbac_policy
v2/router
v2/security_group
v2/security_group_rule

View File

@@ -0,0 +1,12 @@
openstack.network.v2.rbac_policy
================================
.. automodule:: openstack.network.v2.rbac_policy
The RBACPolicy Class
--------------------
The ``RBACPolicy`` class inherits from :class:`~openstack.resource.Resource`.
.. autoclass:: openstack.network.v2.rbac_policy.RBACPolicy
:members:

View File

@@ -26,6 +26,7 @@ from openstack.network.v2 import pool as _pool
from openstack.network.v2 import pool_member as _pool_member
from openstack.network.v2 import port as _port
from openstack.network.v2 import quota as _quota
from openstack.network.v2 import rbac_policy as _rbac_policy
from openstack.network.v2 import router as _router
from openstack.network.v2 import security_group as _security_group
from openstack.network.v2 import security_group_rule as _security_group_rule
@@ -1199,6 +1200,91 @@ class Proxy(proxy.BaseProxy):
"""
return self._update(_quota.Quota, quota, **attrs)
def create_rbac_policy(self, **attrs):
"""Create a new RBAC policy from attributes
:param dict attrs: Keyword arguments which will be used to create a
:class:`~openstack.network.v2.rbac_policy.RBACPolicy`,
comprised of the properties on the RBACPolicy class.
:return: The results of RBAC policy creation
:rtype: :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
"""
return self._create(_rbac_policy.RBACPolicy, **attrs)
def delete_rbac_policy(self, rbac_policy, ignore_missing=True):
"""Delete a RBAC policy
:param rbac_policy: The value can be either the ID of a RBAC policy or
a :class:`~openstack.network.v2.rbac_policy.RBACPolicy` instance.
:param bool ignore_missing: When set to ``False``
:class:`~openstack.exceptions.ResourceNotFound` will be
raised when the RBAC policy does not exist.
When set to ``True``, no exception will be set when
attempting to delete a nonexistent RBAC policy.
:returns: ``None``
"""
self._delete(_rbac_policy.RBACPolicy, rbac_policy,
ignore_missing=ignore_missing)
def find_rbac_policy(self, id, ignore_missing=True):
"""Find a single RBAC policy
:param id: The ID of a RBAC policy.
:param bool ignore_missing: When set to ``False``
:class:`~openstack.exceptions.ResourceNotFound` will be
raised when the resource does not exist.
When set to ``True``, None will be returned when
attempting to find a nonexistent resource.
:returns: One
:class:`~openstack.network.v2.rbac_policy.RBACPolicy` or None
"""
return self._find(_rbac_policy.RBACPolicy, id,
ignore_missing=ignore_missing)
def get_rbac_policy(self, rbac_policy):
"""Get a single RBAC policy
:param rbac_policy: The value can be the ID of a RBAC policy or a
:class:`~openstack.network.v2.rbac_policy.RBACPolicy` instance.
:returns: One :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
:raises: :class:`~openstack.exceptions.ResourceNotFound`
when no resource can be found.
"""
return self._get(_rbac_policy.RBACPolicy, rbac_policy)
def rbac_policies(self, **query):
"""Return a generator of RBAC policies
:param kwargs \*\*query: Optional query parameters to be sent to limit
the resources being returned. Available parameters include:
* tenant_id: The owner tenant ID.
* target_tenant: ID of the tenant to which the RBAC policy
will be enforced.
* object_type: Type of the object that RBAC policy affects.
* action: Action for the RBAC policy.
:returns: A generator of rbac objects
:rtype: :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
"""
return self._list(_rbac_policy.RBACPolicy, paginated=False, **query)
def update_rbac_policy(self, rbac_policy, **attrs):
"""Update a RBAC policy
:param rbac_policy: Either the id of a RBAC policy or a
:class:`~openstack.network.v2.rbac_policy.RBACPolicy` instance.
:attrs kwargs: The attributes to update on the RBAC policy represented
by ``value``.
:returns: The updated RBAC policy
:rtype: :class:`~openstack.network.v2.rbac_policy.RBACPolicy`
"""
return self._update(_rbac_policy.RBACPolicy, rbac_policy, **attrs)
def create_router(self, **attrs):
"""Create a new router from attributes

View File

@@ -0,0 +1,40 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from openstack.network import network_service
from openstack import resource
class RBACPolicy(resource.Resource):
resource_key = 'rbac_policy'
resources_key = 'rbac_policies'
base_path = '/rbac-policies'
service = network_service.NetworkService()
# capabilities
allow_create = True
allow_retrieve = True
allow_update = True
allow_delete = True
allow_list = True
# Properties
#: The id of RBAC object.
object_id = resource.prop('object_id')
#: The ID of the project this RBAC will be enforced.
target_project_id = resource.prop('target_tenant')
#: The owner project ID.
project_id = resource.prop('tenant_id')
#: Type of the object that RBAC policy affects.
object_type = resource.prop('object_type')
#: Action for the RBAC policy.
action = resource.prop('action')

View File

@@ -0,0 +1,64 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import uuid
from openstack.network.v2 import network
from openstack.network.v2 import rbac_policy
from openstack.tests.functional import base
class TestRBACPolicy(base.BaseFunctionalTest):
NET_NAME = 'net-' + uuid.uuid4().hex
UPDATE_NAME = uuid.uuid4().hex
ACTION = 'access_as_shared'
OBJ_TYPE = 'network'
TARGET_TENANT_ID = '*'
NET_ID = None
ID = None
@classmethod
def setUpClass(cls):
super(TestRBACPolicy, cls).setUpClass()
net = cls.conn.network.create_network(name=cls.NET_NAME)
assert isinstance(net, network.Network)
cls.NET_ID = net.id
sot = cls.conn.network.\
create_rbac_policy(action=cls.ACTION,
object_type=cls.OBJ_TYPE,
target_tenant=cls.TARGET_TENANT_ID,
object_id=cls.NET_ID)
assert isinstance(sot, rbac_policy.RBACPolicy)
cls.ID = sot.id
@classmethod
def tearDownClass(cls):
sot = cls.conn.network.delete_rbac_policy(cls.ID,
ignore_missing=False)
cls.assertIs(None, sot)
sot = cls.conn.network.delete_network(cls.NET_ID,
ignore_missing=False)
cls.assertIs(None, sot)
def test_find(self):
sot = self.conn.network.find_rbac_policy(self.ID)
self.assertEqual(self.ID, sot.id)
def test_get(self):
sot = self.conn.network.get_rbac_policy(self.ID)
self.assertEqual(self.ID, sot.id)
def test_list(self):
ids = [o.id for o in self.conn.network.rbac_policies()]
self.assertIn(self.ID, ids)

View File

@@ -29,6 +29,7 @@ from openstack.network.v2 import pool
from openstack.network.v2 import pool_member
from openstack.network.v2 import port
from openstack.network.v2 import quota
from openstack.network.v2 import rbac_policy
from openstack.network.v2 import router
from openstack.network.v2 import security_group
from openstack.network.v2 import security_group_rule
@@ -396,6 +397,32 @@ class TestNetworkProxy(test_proxy_base.TestProxyBase):
def test_quota_update(self):
self.verify_update(self.proxy.update_quota, quota.Quota)
def test_rbac_policy_create_attrs(self):
self.verify_create(self.proxy.create_rbac_policy,
rbac_policy.RBACPolicy)
def test_rbac_policy_delete(self):
self.verify_delete(self.proxy.delete_rbac_policy,
rbac_policy.RBACPolicy, False)
def test_rbac_policy_delete_ignore(self):
self.verify_delete(self.proxy.delete_rbac_policy,
rbac_policy.RBACPolicy, True)
def test_rbac_policy_find(self):
self.verify_find(self.proxy.find_rbac_policy, rbac_policy.RBACPolicy)
def test_rbac_policy_get(self):
self.verify_get(self.proxy.get_rbac_policy, rbac_policy.RBACPolicy)
def test_rbac_policies(self):
self.verify_list(self.proxy.rbac_policies,
rbac_policy.RBACPolicy, paginated=False)
def test_rbac_policy_update(self):
self.verify_update(self.proxy.update_rbac_policy,
rbac_policy.RBACPolicy)
def test_router_create_attrs(self):
self.verify_create(self.proxy.create_router, router.Router)

View File

@@ -0,0 +1,48 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import testtools
from openstack.network.v2 import rbac_policy
IDENTIFIER = 'IDENTIFIER'
EXAMPLE = {
'object_id': IDENTIFIER,
'tenant_id': '5',
'object_type': 'network',
'action': 'access_as_shared',
'target_tenant': '10',
}
class TestRBACPolicy(testtools.TestCase):
def test_basic(self):
sot = rbac_policy.RBACPolicy()
self.assertEqual('rbac_policy', sot.resource_key)
self.assertEqual('rbac_policies', sot.resources_key)
self.assertEqual('/rbac-policies', sot.base_path)
self.assertEqual('network', sot.service.service_type)
self.assertTrue(sot.allow_create)
self.assertTrue(sot.allow_retrieve)
self.assertTrue(sot.allow_update)
self.assertTrue(sot.allow_delete)
self.assertTrue(sot.allow_list)
def test_make_it(self):
sot = rbac_policy.RBACPolicy(EXAMPLE)
self.assertEqual(EXAMPLE['object_id'],
sot.object_id)
self.assertEqual(EXAMPLE['tenant_id'], sot.project_id)
self.assertEqual(EXAMPLE['object_type'], sot.object_type)
self.assertEqual(EXAMPLE['action'], sot.action)
self.assertEqual(EXAMPLE['target_tenant'], sot.target_project_id)