Prevent creation of subnet via RBAC during new network creation

Wire (('network', 'create_subnet'),) policy rules into the
CreateNetwork workflow, effectively hiding the steps related to
creating Subnet in case it is forbidden via Neutron policy.

Change-Id: I18c6e333e6a19a99f8154654c6455750a87e95df
closes-Bug: #1398845

openstack_dashboard/dashboards/project/networks/workflows.py

@@ -200,6 +200,7 @@ class CreateSubnetInfoAction(workflows.Action):
 
     class Meta(object):
         name = _("Subnet")
+        policy_rules = (('network', 'create_subnet'),)
         help_text = _('Creates a subnet associated with the network.'
                       ' You need to enter a valid "Network Address"'
                       ' and "Gateway IP". If you did not enter the'
@@ -362,6 +363,7 @@ class CreateSubnetDetailAction(workflows.Action):
 
     class Meta(object):
         name = _("Subnet Details")
+        policy_rules = (('network', 'create_subnet'),)
         help_text = _('Specify additional attributes for the subnet.')
 
     def __init__(self, request, context, *args, **kwargs):
@@ -586,7 +588,7 @@ class CreateNetwork(workflows.Workflow):
         if not network:
             return False
         # If we do not need to create a subnet, return here.
-        if not data['with_subnet']:
+        if not data.get('with_subnet'):
             return True
         subnet = self._create_subnet(request, data, network, no_redirect=True)
         if subnet:

openstack_dashboard/test/integration_tests/pages/project/network/networkspage.py

@@ -38,7 +38,6 @@ class NetworksTable(tables.TableRegion):
 
 class NetworksPage(basepage.BaseNavigationPage):
     DEFAULT_ADMIN_STATE = 'True'
-    DEFAULT_CREATE_SUBNET = True
     DEFAULT_IP_VERSION = '4'
     DEFAULT_DISABLE_GATEWAY = False
     DEFAULT_ENABLE_DHCP = True
@@ -59,9 +58,8 @@ class NetworksPage(basepage.BaseNavigationPage):
     def networks_table(self):
         return NetworksTable(self.driver, self.conf)
 
-    def create_network(self, network_name, subnet_name,
+    def create_network(self, network_name, subnet_name=None,
                        admin_state=DEFAULT_ADMIN_STATE,
-                       create_subnet=DEFAULT_CREATE_SUBNET,
                        network_address=None, ip_version=DEFAULT_IP_VERSION,
                        gateway_ip=None,
                        disable_gateway=DEFAULT_DISABLE_GATEWAY,
@@ -70,7 +68,7 @@ class NetworksPage(basepage.BaseNavigationPage):
         create_network_form = self.networks_table.create_network()
         create_network_form.net_name.text = network_name
         create_network_form.admin_state.value = admin_state
-        if not create_subnet:
+        if subnet_name is None:
             create_network_form.with_subnet.unmark()
         else:
             create_network_form.switch_to(self.SUBNET_TAB_INDEX)

openstack_dashboard/test/integration_tests/tests/test_networks.py

@@ -19,7 +19,7 @@ from openstack_dashboard.test.integration_tests.regions import messages
 @decorators.services_required("neutron")
 class TestNetworks(helpers.TestCase):
     NETWORK_NAME = helpers.gen_random_resource_name("network")
-    SUBNET_NAME = helpers.gen_random_resource_name("subnet")
+    SUBNET_NAME = None
 
     def test_private_network_create(self):
         """tests the network creation and deletion functionalities:
@@ -45,3 +45,7 @@ class TestNetworks(helpers.TestCase):
         self.assertFalse(
             networks_page.find_message_and_dismiss(messages.ERROR))
         self.assertFalse(networks_page.is_network_present(self.NETWORK_NAME))
+
+
+class TestAdminNetworks(helpers.AdminTestCase, TestNetworks):
+    SUBNET_NAME = helpers.gen_random_resource_name("subnet")