Support object_type 'qos_policy' for neutron rbac

Support the new object_type 'qos_policy' for neutron rbac. Closes-Bug: #1689544 Change-Id: Ia818890862259fb6702feffa12273f6f9ee90ea8
2017-05-18 10:33:11 +08:00 · 2017-05-18 10:33:11 +08:00 · 177732776a
commit 177732776a
parent 14cbf5c167
3 changed files with 60 additions and 12 deletions
--- a/heat/engine/resources/openstack/neutron/rbac_policy.py
+++ b/heat/engine/resources/openstack/neutron/rbac_policy.py
@ -23,7 +23,8 @@ class RBACPolicy(neutron.NeutronResource):
    """A Resource for managing RBAC policy in Neutron.

    This resource creates and manages Neutron RBAC policy,
-    which allows to share Neutron networks to subsets of tenants.
+    which allows to share Neutron networks and qos-policies
+    to subsets of tenants.
    """

    support_status = support.SupportStatus(version='6.0.0')
@ -38,8 +39,22 @@ class RBACPolicy(neutron.NeutronResource):
        'object_type', 'target_tenant', 'action', 'object_id', 'tenant_id'
    )

+    OBJECT_TYPE_KEYS = (
+        OBJECT_NETWORK, OBJECT_QOS_POLICY,
+    ) = (
+        'network', 'qos_policy',
+    )
+
+    ACTION_KEYS = (
+        ACCESS_AS_SHARED, ACCESS_AS_EXTERNAL,
+    ) = (
+        'access_as_shared', 'access_as_external',
+    )
+
    # Change it when neutron supports more function in the future.
-    SUPPORTED_TYPES_ACTIONS = {'network': ['access_as_shared']}
+    SUPPORTED_TYPES_ACTIONS = {
+        OBJECT_NETWORK: [ACCESS_AS_SHARED, ACCESS_AS_EXTERNAL],
+        OBJECT_QOS_POLICY: [ACCESS_AS_SHARED]}

    properties_schema = {
        OBJECT_TYPE: properties.Schema(
@ -79,10 +94,16 @@ class RBACPolicy(neutron.NeutronResource):
                [self.OBJECT_ID],
                client_plugin=self.client_plugin(),
                finder='find_resourceid_by_name_or_id',
-                entity=props[self.OBJECT_TYPE]
+                entity=self._get_resource_name(props[self.OBJECT_TYPE])
            )
        ]

+    def _get_resource_name(self, object_type):
+        resource_name = object_type
+        if object_type == self.OBJECT_QOS_POLICY:
+            resource_name = 'policy'
+        return resource_name
+
    def handle_create(self):
        props = self.prepare_properties(
            self.properties,
--- a/heat/tests/openstack/neutron/test_neutron_rbac_policy.py
+++ b/heat/tests/openstack/neutron/test_neutron_rbac_policy.py
@ -32,17 +32,18 @@ class RBACPolicyTest(common.HeatTestCase):
        self.t = template_format.parse(tmpl)
        self.stack = utils.parse_stack(self.t)
        self.rbac = self.stack['rbac']
-
        self.neutron_client = mock.MagicMock()
        self.rbac.client = mock.MagicMock()
        self.rbac.client.return_value = self.neutron_client

-    def test_create(self):
-        self._create_stack()
+    def _test_create(self, obj_type='network'):
+        tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
+        tpl['resources']['rbac']['properties']['object_type'] = obj_type
+        self._create_stack(tmpl=yaml.safe_dump(tpl))
        expected = {
            "rbac_policy": {
                "action": "access_as_shared",
-                "object_type": "network",
+                "object_type": obj_type,
                "object_id": "9ba4c03a-dbd5-4836-b651-defa595796ba",
                "target_tenant": "d1dbbed707e5469da9cd4fdd618e9706"
            }
@ -50,14 +51,36 @@ class RBACPolicyTest(common.HeatTestCase):
        self.rbac.handle_create()
        self.neutron_client.create_rbac_policy.assert_called_with(expected)

-    def test_validate_invalid_action(self):
+    def test_create_network_rbac(self):
+        self._test_create()
+
+    def test_create_qos_policy_rbac(self):
+        self._test_create(obj_type='qos_policy')
+
+    def _test_validate_invalid_action(self,
+                                      invalid_action='invalid',
+                                      obj_type='network'):
        tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
-        tpl['resources']['rbac']['properties']['action'] = 'access_as_external'
+        tpl['resources']['rbac']['properties']['action'] = invalid_action
+        tpl['resources']['rbac']['properties']['object_type'] = obj_type
        self._create_stack(tmpl=yaml.safe_dump(tpl))
-        msg = "Invalid action access_as_external for object type network."
-        self.assertRaisesRegex(exception.StackValidationFailed, msg,
+        msg = ("Invalid action %(action)s for object type %(type)s." %
+               {'action': invalid_action,
+                'type': obj_type})
+        self.assertRaisesRegexp(exception.StackValidationFailed, msg,
                                self.rbac.validate)

+    def test_validate_action_for_network(self):
+        self._test_validate_invalid_action()
+
+    def test_validate_action_for_qos_policy(self):
+        self._test_validate_invalid_action(
+            obj_type='qos_policy')
+        # we dont support access_as_external for qos_policy
+        self._test_validate_invalid_action(
+            obj_type='qos_policy',
+            invalid_action='access_as_external')
+
    def test_validate_invalid_type(self):
        tpl = yaml.safe_load(inline_templates.RBAC_TEMPLATE)
        tpl['resources']['rbac']['properties']['object_type'] = 'networks'
--- a/releasenotes/notes/support-rbac-for-qos-policy-a55434654e1dd953.yaml
+++ b/releasenotes/notes/support-rbac-for-qos-policy-a55434654e1dd953.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - Support to managing rbac policy for 'qos_policy' resource,
+    which allows to share Neutron qos policy to subsets of tenants.