openstack/heat
Code Issues Proposed changes

Support object_type 'qos_policy' for neutron rbac

Browse Source 
Support the new object_type 'qos_policy' for
neutron rbac.

Closes-Bug: #1689544
Change-Id: Ia818890862259fb6702feffa12273f6f9ee90ea8
This commit is contained in:
huangtianhua 2017-05-18 10:33:11 +08:00
parent 14cbf5c167
commit 177732776a
3 changed files with 60 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
heat/engine/resources/openstack/neutron/rbac_policy.py
View File

@ -23,7 +23,8 @@ class RBACPolicy(neutron.NeutronResource):
"""A Resource for managing RBAC policy in Neutron. """A Resource for managing RBAC policy in Neutron.
This resource creates and manages Neutron RBAC policy, This resource creates and manages Neutron RBAC policy,
which allows to share Neutron networks to subsets of tenants. which allows to share Neutron networks and qos-policies
to subsets of tenants.
""" """
support_status = support.SupportStatus(version='6.0.0') support_status = support.SupportStatus(version='6.0.0')
@ -38,8 +39,22 @@ class RBACPolicy(neutron.NeutronResource):
'object_type', 'target_tenant', 'action', 'object_id', 'tenant_id' 'object_type', 'target_tenant', 'action', 'object_id', 'tenant_id'
) )
OBJECT_TYPE_KEYS = (
OBJECT_NETWORK, OBJECT_QOS_POLICY,
) = (
'network', 'qos_policy',
)
ACTION_KEYS = (
ACCESS_AS_SHARED, ACCESS_AS_EXTERNAL,
) = (
'access_as_shared', 'access_as_external',
)
# Change it when neutron supports more function in the future. # Change it when neutron supports more function in the future.
SUPPORTED_TYPES_ACTIONS = {'network': ['access_as_shared']} SUPPORTED_TYPES_ACTIONS = {
OBJECT_NETWORK: [ACCESS_AS_SHARED, ACCESS_AS_EXTERNAL],
OBJECT_QOS_POLICY: [ACCESS_AS_SHARED]}
properties_schema = { properties_schema = {
OBJECT_TYPE: properties.Schema( OBJECT_TYPE: properties.Schema(
@ -79,10 +94,16 @@ class RBACPolicy(neutron.NeutronResource):
[self.OBJECT_ID], [self.OBJECT_ID],
client_plugin=self.client_plugin(), client_plugin=self.client_plugin(),
finder='find_resourceid_by_name_or_id', finder='find_resourceid_by_name_or_id',
entity=props[self.OBJECT_TYPE] entity=self._get_resource_name(props[self.OBJECT_TYPE])
) )
] ]
def _get_resource_name(self, object_type):
resource_name = object_type
if object_type == self.OBJECT_QOS_POLICY:
resource_name = 'policy'
return resource_name
def handle_create(self): def handle_create(self):
props = self.prepare_properties( props = self.prepare_properties(
self.properties, self.properties,

41
heat/tests/openstack/neutron/test_neutron_rbac_policy.py
View File

@ -32,17 +32,18 @@ class RBACPolicyTest(common.HeatTestCase):
self.t = template_format.parse(tmpl) self.t = template_format.parse(tmpl)
self.stack = utils.parse_stack(self.t) self.stack = utils.parse_stack(self.t)
self.rbac = self.stack['rbac'] self.rbac = self.stack['rbac']
self.neutron_client = mock.MagicMock() self.neutron_client = mock.MagicMock()
self.rbac.client = mock.MagicMock() self.rbac.client = mock.MagicMock()
self.rbac.client.return_value = self.neutron_client self.rbac.client.return_value = self.neutron_client
def test_create(self): def _test_create(self, obj_type='network'):
self._create_stack() tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
tpl['resources']['rbac']['properties']['object_type'] = obj_type
self._create_stack(tmpl=yaml.safe_dump(tpl))
expected = { expected = {
"rbac_policy": { "rbac_policy": {
"action": "access_as_shared", "action": "access_as_shared",
"object_type": "network", "object_type": obj_type,
"object_id": "9ba4c03a-dbd5-4836-b651-defa595796ba", "object_id": "9ba4c03a-dbd5-4836-b651-defa595796ba",
"target_tenant": "d1dbbed707e5469da9cd4fdd618e9706" "target_tenant": "d1dbbed707e5469da9cd4fdd618e9706"
} }
@ -50,13 +51,35 @@ class RBACPolicyTest(common.HeatTestCase):
self.rbac.handle_create() self.rbac.handle_create()
self.neutron_client.create_rbac_policy.assert_called_with(expected) self.neutron_client.create_rbac_policy.assert_called_with(expected)
def test_validate_invalid_action(self): def test_create_network_rbac(self):
self._test_create()
def test_create_qos_policy_rbac(self):
self._test_create(obj_type='qos_policy')
def _test_validate_invalid_action(self,
invalid_action='invalid',
obj_type='network'):
tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE) tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
tpl['resources']['rbac']['properties']['action'] = 'access_as_external' tpl['resources']['rbac']['properties']['action'] = invalid_action
tpl['resources']['rbac']['properties']['object_type'] = obj_type
self._create_stack(tmpl=yaml.safe_dump(tpl)) self._create_stack(tmpl=yaml.safe_dump(tpl))
msg = "Invalid action access_as_external for object type network." msg = ("Invalid action %(action)s for object type %(type)s." %
self.assertRaisesRegex(exception.StackValidationFailed, msg, {'action': invalid_action,
self.rbac.validate) 'type': obj_type})
self.assertRaisesRegexp(exception.StackValidationFailed, msg,
self.rbac.validate)
def test_validate_action_for_network(self):
self._test_validate_invalid_action()
def test_validate_action_for_qos_policy(self):
self._test_validate_invalid_action(
obj_type='qos_policy')
# we dont support access_as_external for qos_policy
self._test_validate_invalid_action(
obj_type='qos_policy',
invalid_action='access_as_external')
def test_validate_invalid_type(self): def test_validate_invalid_type(self):
tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE) tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)

4
releasenotes/notes/support-rbac-for-qos-policy-a55434654e1dd953.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- Support to managing rbac policy for 'qos_policy' resource,
which allows to share Neutron qos policy to subsets of tenants.