Introduce rbac-bgpvpn api extension

This extension makes it possible to add bgpvpn to RBAC policies.

Partial-Bug: #1931100
Change-Id: Ibee622ef47ca6d738ca53f6482cad88b2441503e

api-ref/source/v2/parameters.yaml

@@ -952,8 +952,9 @@ object_id-query:
     an ``object_type`` of ``qos-policy`` returns a QoS policy ID,
     an ``object_type`` of ``security-group`` returns a security group ID,
     an `object_type`` of ``address-scope`` returns a address scope ID,
-    an ``object_type`` of ``subnetpool`` returns a subnetpool ID and
+    an ``object_type`` of ``subnetpool`` returns a subnetpool ID,
-    an ``object_type`` of ``address-group`` returns an address group ID.
+    an ``object_type`` of ``address-group`` returns an address group ID and
+    an ``object_type`` of ``bgpvpn`` returns a bgpvpn ID.
   in: query
   required: false
   type: string
@@ -961,7 +962,8 @@ object_type-query:
   description: |
     Filter the RBAC policy list result by the type of the object that the
     RBAC policy affects. Types include ``qos-policy``, ``network``,
-    ``security-group``, ``address-scope``, ``subnetpool`` or ``address-group``.
+    ``security-group``, ``address-scope``, ``subnetpool``, ``address-group`` or
+    ``bgpvpn``.
   in: query
   required: false
   type: string

api-ref/source/v2/rbac-policy.inc

@@ -18,6 +18,9 @@ API to support object types of ``subnetpool``.
 The presence of the ``rbac-address-group`` extension extends this
 API to support object types of ``address-group``.
 
+The presence of the ``rbac-bgpvpn`` extension extends this
+API to support object types of ``bgpvpn``.
+
 Show RBAC policy details
 ========================
 

neutron_lib/api/definitions/__init__.py

@@ -98,6 +98,7 @@ from neutron_lib.api.definitions import qos_rule_type_details
 from neutron_lib.api.definitions import qos_rules_alias
 from neutron_lib.api.definitions import rbac_address_groups
 from neutron_lib.api.definitions import rbac_address_scope
+from neutron_lib.api.definitions import rbac_bgpvpn
 from neutron_lib.api.definitions import rbac_security_groups
 from neutron_lib.api.definitions import rbac_subnetpool
 from neutron_lib.api.definitions import revisionifmatch
@@ -223,6 +224,7 @@ _ALL_API_DEFINITIONS = {
     qos_rules_alias,
     rbac_address_groups,
     rbac_address_scope,
+    rbac_bgpvpn,
     rbac_security_groups,
     rbac_subnetpool,
     revisionifmatch,

neutron_lib/api/definitions/base.py

@@ -132,6 +132,7 @@ KNOWN_EXTENSIONS = (
     'quotas',
     'rbac-address-group',
     'rbac-address-scope',
+    'rbac-bgpvpn',
     'rbac-policies',
     'rbac-security-groups',
     'rbac-subnetpool',

neutron_lib/api/definitions/bgpvpn.py

@@ -132,7 +132,7 @@ RESOURCE_ATTRIBUTE_MAP = {
                      'enforce_policy': True},
         'routers': {'allow_post': False, 'allow_put': False,
                     'is_visible': True,
-                    'enforce_policy': True}
+                    'enforce_policy': True},
     },
 }
 

neutron_lib/api/definitions/rbac_bgpvpn.py

@@ -0,0 +1,46 @@
+#    Copyright (c) 2021 Cloudification GmbH.  All rights reserved.
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api import converters
+from neutron_lib.api.definitions import bgpvpn
+from neutron_lib import constants
+
+
+ALIAS = 'rbac-bgpvpn'
+IS_SHIM_EXTENSION = False
+IS_STANDARD_ATTR_EXTENSION = False
+NAME = 'Add bgpvpn type to RBAC'
+DESCRIPTION = 'Add bgpvpn type to RBAC'
+UPDATED_TIMESTAMP = '2021-06-07T00:00:00-00:00'
+API_PREFIX = bgpvpn.API_PREFIX
+RESOURCE_NAME = bgpvpn.RESOURCE_NAME
+COLLECTION_NAME = bgpvpn.COLLECTION_NAME
+RESOURCE_ATTRIBUTE_MAP = {
+    COLLECTION_NAME: {
+        constants.SHARED: {
+            'allow_post': False,
+            'allow_put': False,
+            'default': False,
+            'convert_to': converters.convert_to_boolean,
+            'is_visible': True,
+            'is_filter': True,
+            'is_sort_key': True,
+            'enforce_policy': True
+        }
+    },
+}
+SUB_RESOURCE_ATTRIBUTE_MAP = {}
+ACTION_MAP = {}
+REQUIRED_EXTENSIONS = ['rbac-policies', bgpvpn.ALIAS]
+OPTIONAL_EXTENSIONS = []
+ACTION_STATUS = {}

neutron_lib/tests/unit/api/definitions/test_rbac_bgpvpn.py

@@ -0,0 +1,22 @@
+#    Copyright (c) 2021 Cloudification GmbH.  All rights reserved.
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api.definitions import rbac_bgpvpn
+from neutron_lib import constants
+from neutron_lib.tests.unit.api.definitions import base
+
+
+class RbacBGPVPNDefinitionTestCase(base.DefinitionBaseTestCase):
+    extension_module = rbac_bgpvpn
+    extension_resources = (rbac_bgpvpn.COLLECTION_NAME,)
+    extension_attributes = (constants.SHARED,)

releasenotes/notes/add-rbac-bgpvpn-cf6c9346822268f7.yaml

@@ -0,0 +1,5 @@
+features:
+  - |
+    Added API definition for ``rbac-bgpvpn`` extension, which allows
+    sharing bgpvpn objects between tenants via the RBAC mechanism. With shared
+    bgpvpn the end-user will be able to manage router and network associations.