Support RBAC neutron-client changes.

This patch adds the command line support for RBAC work. DocImpact APIImpact Partially-Implements: blueprint rbac-networks Co-Authored-By: dongfeng <albert.dongfeng@huawei.com> Change-Id: I00c6b84b3f7d810f137ce05c0cd936dc194d9708
2015-07-24 15:51:53 +05:30
parent 6281aba974
commit 22c84927d1
5 changed files with 257 additions and 1 deletions
--- a/neutronclient/neutron/v2_0/rbac.py
+++ b/neutronclient/neutron/v2_0/rbac.py
@@ -0,0 +1,102 @@
+# Copyright 2015 Huawei Technologies India Pvt Ltd.
+# All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutronclient.i18n import _
+from neutronclient.neutron import v2_0 as neutronV20
+
+
+def get_rbac_object_id(client, obj_type, obj_id_or_name):
+    if obj_type == 'network':
+        obj_id = neutronV20.find_resourceid_by_name_or_id(client,
+                                                          'network',
+                                                          obj_id_or_name)
+    return obj_id
+
+
+class ListRBACPolicy(neutronV20.ListCommand):
+    """List RBAC policies that belong to a given tenant."""
+
+    resource = 'rbac_policy'
+    list_columns = ['id', 'object_id']
+    pagination_support = True
+    sorting_support = True
+
+
+class ShowRBACPolicy(neutronV20.ShowCommand):
+    """Show information of a given RBAC policy."""
+
+    resource = 'rbac_policy'
+
+
+class CreateRBACPolicy(neutronV20.CreateCommand):
+    """Create a RBAC policy for a given tenant."""
+
+    resource = 'rbac_policy'
+
+    def add_known_arguments(self, parser):
+        parser.add_argument(
+            'name',
+            metavar='RBAC_OBJECT',
+            help=_('ID or name of the RBAC object.'))
+        parser.add_argument(
+            '--type', choices=['network'],
+            required=True,
+            help=_('Type of the object that RBAC policy affects.'))
+        parser.add_argument(
+            '--target-tenant',
+            help=_('ID of the tenant to which the RBAC '
+                   'policy will be enforced.'))
+        parser.add_argument(
+            '--action', choices=['access_as_external', 'access_as_shared'],
+            required=True,
+            help=_('Action for the RBAC policy.'))
+
+    def args2body(self, parsed_args):
+        neutron_client = self.get_client()
+        neutron_client.format = parsed_args.request_format
+        _object_id = get_rbac_object_id(neutron_client, parsed_args.type,
+                                        parsed_args.name)
+        body = {self.resource: {
+            'object_id': _object_id,
+            'object_type': parsed_args.type,
+            'target_tenant': parsed_args.target_tenant,
+            'action': parsed_args.action,
+        }, }
+        return body
+
+
+class UpdateRBACPolicy(neutronV20.UpdateCommand):
+    """Update RBAC policy for given tenant."""
+
+    resource = 'rbac_policy'
+
+    def add_known_arguments(self, parser):
+        parser.add_argument(
+            '--target-tenant',
+            help=_('ID of the tenant to which the RBAC '
+                   'policy will be enforced.'))
+
+    def args2body(self, parsed_args):
+
+        body = {self.resource: {
+            'target_tenant': parsed_args.target_tenant,
+        }, }
+        return body
+
+
+class DeleteRBACPolicy(neutronV20.DeleteCommand):
+    """Delete a RBAC policy."""
+
+    resource = 'rbac_policy'
--- a/neutronclient/shell.py
+++ b/neutronclient/shell.py
@@ -72,6 +72,7 @@ from neutronclient.neutron.v2_0.nsx import qos_queue
 from neutronclient.neutron.v2_0 import policyprofile
 from neutronclient.neutron.v2_0 import port
 from neutronclient.neutron.v2_0 import quota
+from neutronclient.neutron.v2_0 import rbac
 from neutronclient.neutron.v2_0 import router
 from neutronclient.neutron.v2_0 import securitygroup
 from neutronclient.neutron.v2_0 import servicetype
@@ -360,6 +361,11 @@ COMMAND_V2 = {
    'nec-packet-filter-create': packetfilter.CreatePacketFilter,
    'nec-packet-filter-update': packetfilter.UpdatePacketFilter,
    'nec-packet-filter-delete': packetfilter.DeletePacketFilter,
+    'rbac-create': rbac.CreateRBACPolicy,
+    'rbac-update': rbac.UpdateRBACPolicy,
+    'rbac-list': rbac.ListRBACPolicy,
+    'rbac-show': rbac.ShowRBACPolicy,
+    'rbac-delete': rbac.DeleteRBACPolicy,
 }

 COMMANDS = {'2.0': COMMAND_V2}
--- a/neutronclient/tests/unit/test_cli20.py
+++ b/neutronclient/tests/unit/test_cli20.py
@@ -224,7 +224,8 @@ class CLITestV20Base(base.BaseTestCase):
                                      'policy_profile', 'ikepolicy',
                                      'ipsecpolicy', 'metering_label',
                                      'metering_label_rule', 'net_partition',
-                                      'fox_socket', 'subnetpool']
+                                      'fox_socket', 'subnetpool',
+                                      'rbac_policy']
        if not cmd_resource:
            cmd_resource = resource
        if (resource in non_admin_status_resources):
--- a/neutronclient/tests/unit/test_cli20_rbac.py
+++ b/neutronclient/tests/unit/test_cli20_rbac.py
@@ -0,0 +1,117 @@
+# Copyright 2015 Huawei Technologies India Pvt Ltd.
+# All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import sys
+
+from neutronclient.neutron.v2_0 import rbac
+from neutronclient.tests.unit import test_cli20
+
+
+class CLITestV20RBACJSON(test_cli20.CLITestV20Base):
+    def test_create_rbac_policy_with_mandatory_params(self):
+        """Create rbac: rbac_object --type network --action access_as_shared"""
+        resource = 'rbac_policy'
+        cmd = rbac.CreateRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        name = 'rbac_object'
+        myid = 'myid'
+        args = [name, '--type', 'network',
+                '--action', 'access_as_shared']
+        position_names = ['object_id', 'object_type',
+                          'target_tenant', 'action']
+        position_values = [name, 'network', None, 'access_as_shared']
+        self._test_create_resource(resource, cmd, name, myid, args,
+                                   position_names, position_values)
+
+    def test_create_rbac_policy_with_all_params(self):
+        """Create rbac: rbac_object --type network """
+        """--target-tenant tenant_id --action access_as_external"""
+        resource = 'rbac_policy'
+        cmd = rbac.CreateRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        name = 'rbac_object'
+        myid = 'myid'
+        args = [name, '--type', 'network',
+                '--target-tenant', 'tenant_id',
+                '--action', 'access_as_external']
+        position_names = ['object_id', 'object_type',
+                          'target_tenant', 'action']
+        position_values = [name, 'network', 'tenant_id', 'access_as_external']
+        self._test_create_resource(resource, cmd, name, myid, args,
+                                   position_names, position_values)
+
+    def test_create_rbac_policy_with_unicode(self):
+        """Create rbac policy u'\u7f51\u7edc'."""
+        resource = 'rbac_policy'
+        cmd = rbac.CreateRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        name = u'\u7f51\u7edc'
+        myid = 'myid'
+        args = [name, '--type', 'network',
+                '--target-tenant', 'tenant_id',
+                '--action', 'access_as_external']
+        position_names = ['object_id', 'object_type',
+                          'target_tenant', 'action']
+        position_values = [name, 'network', 'tenant_id', 'access_as_external']
+        self._test_create_resource(resource, cmd, name, myid, args,
+                                   position_names, position_values)
+
+    def test_update_rbac_policy(self):
+        """rbac-update <rbac-uuid> --target-tenant <other-tenant-uuid>."""
+        resource = 'rbac_policy'
+        cmd = rbac.UpdateRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        self._test_update_resource(resource, cmd, 'myid',
+                                   ['myid', '--target-tenant', 'tenant_id'],
+                                   {'target_tenant': 'tenant_id', })
+
+    def test_delete_rbac_policy(self):
+        """rbac-delete my-id."""
+        resource = 'rbac_policy'
+        cmd = rbac.DeleteRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        my_id = 'myid1'
+        args = [my_id]
+        self._test_delete_resource(resource, cmd, my_id, args)
+
+    def test_list_rbac_policies(self):
+        """rbac-list."""
+        resources = "rbac_policies"
+        cmd = rbac.ListRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        self._test_list_resources(resources, cmd, True)
+
+    def test_list_rbac_policies_pagination(self):
+        """rbac-list with pagination."""
+        resources = "rbac_policies"
+        cmd = rbac.ListRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        self._test_list_resources_with_pagination(resources, cmd)
+
+    def test_list_rbac_policies_sort(self):
+        """sorted list: rbac-list --sort-key name --sort-key id
+        --sort-key asc --sort-key desc
+        """
+        resources = "rbac_policies"
+        cmd = rbac.ListRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        self._test_list_resources(resources, cmd,
+                                  sort_key=["name", "id"],
+                                  sort_dir=["asc", "desc"])
+
+    def test_list_rbac_policies_limit(self):
+        """size (1000) limited list: rbac-list -P."""
+        resources = "rbac_policies"
+        cmd = rbac.ListRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        self._test_list_resources(resources, cmd, page_size=1000)
+
+    def test_show_rbac_policy(self):
+        """rbac-show test_id."""
+        resource = 'rbac_policy'
+        cmd = rbac.ShowRBACPolicy(test_cli20.MyApp(sys.stdout), None)
+        args = ['--fields', 'id', self.test_id]
+        self._test_show_resource(resource, cmd, self.test_id, args, ['id'])
--- a/neutronclient/v2_0/client.py
+++ b/neutronclient/v2_0/client.py
@@ -427,6 +427,8 @@ class Client(ClientBase):
    firewall_path = "/fw/firewalls/%s"
    net_partitions_path = "/net-partitions"
    net_partition_path = "/net-partitions/%s"
+    rbac_policies_path = "/rbac-policies"
+    rbac_policy_path = "/rbac-policies/%s"

    # API has no way to report plurals, so we have to hard code them
    EXTED_PLURALS = {'routers': 'router',
@@ -458,6 +460,7 @@ class Client(ClientBase):
                     'lbaas_healthmonitors': 'lbaas_healthmonitor',
                     'lbaas_members': 'lbaas_member',
                     'healthmonitors': 'healthmonitor',
+                     'rbac_policies': 'rbac_policy',
                     }

    @APIParamsCall
@@ -1600,6 +1603,33 @@ class Client(ClientBase):
        """Delete the specified packet filter."""
        return self.delete(self.packet_filter_path % packet_filter_id)

+    @APIParamsCall
+    def create_rbac_policy(self, body=None):
+        """Create a new RBAC policy."""
+        return self.post(self.rbac_policies_path, body=body)
+
+    @APIParamsCall
+    def update_rbac_policy(self, rbac_policy_id, body=None):
+        """Update a RBAC policy."""
+        return self.put(self.rbac_policy_path % rbac_policy_id, body=body)
+
+    @APIParamsCall
+    def list_rbac_policies(self, retrieve_all=True, **_params):
+        """Fetch a list of all RBAC policies for a tenant."""
+        return self.list('rbac_policies', self.rbac_policies_path,
+                         retrieve_all, **_params)
+
+    @APIParamsCall
+    def show_rbac_policy(self, rbac_policy_id, **_params):
+        """Fetch information of a certain RBAC policy."""
+        return self.get(self.rbac_policy_path % rbac_policy_id,
+                        params=_params)
+
+    @APIParamsCall
+    def delete_rbac_policy(self, rbac_policy_id):
+        """Delete the specified RBAC policy."""
+        return self.delete(self.rbac_policy_path % rbac_policy_id)
+
    def __init__(self, **kwargs):
        """Initialize a new client for the Neutron v2.0 API."""
        super(Client, self).__init__(**kwargs)