Merge "Add `access_as_readonly` sharing action"

2021-01-08 13:18:05 +00:00 · 2021-01-08 13:18:05 +00:00 · 307b6be55e
parent 3a05480c67 83019b98b6
commit 307b6be55e
3 changed files with 14 additions and 2 deletions
--- a/neutron_lib/constants.py
+++ b/neutron_lib/constants.py
@ -666,3 +666,8 @@ PORT_NUMA_POLICY_PREFERRED = 'preferred'
 PORT_NUMA_POLICY_LEGACY = 'legacy'
 PORT_NUMA_POLICIES = (PORT_NUMA_POLICY_REQUIRED, PORT_NUMA_POLICY_PREFERRED,
                      PORT_NUMA_POLICY_LEGACY)
+
+# RBAC Sharing Actions
+ACCESS_SHARED = 'access_as_shared'
+ACCESS_READONLY = 'access_as_readonly'
+ACCESS_EXTERNAL = 'access_as_external'
--- a/neutron_lib/db/model_query.py
+++ b/neutron_lib/db/model_query.py
@ -20,6 +20,7 @@ from sqlalchemy import sql, or_, and_

 from neutron_lib._i18n import _
 from neutron_lib.api import attributes
+from neutron_lib import constants
 from neutron_lib.db import utils as db_utils
 from neutron_lib import exceptions as n_exc
 from neutron_lib.objects import utils as obj_utils
@ -122,7 +123,8 @@ def query_with_hooks(context, model, field=None):
            rbac_model = model.rbac_entries.property.mapper.class_
            query_filter = (
                (model.tenant_id == context.tenant_id) |
-                ((rbac_model.action == 'access_as_shared') &
+                (rbac_model.action.in_(
+                    [constants.ACCESS_SHARED, constants.ACCESS_READONLY]) &
                 ((rbac_model.target_tenant == context.tenant_id) |
                  (rbac_model.target_tenant == '*'))))
        elif hasattr(model, 'shared'):
@ -212,7 +214,7 @@ def apply_filters(query, model, filters, context=None):
                    matches.append(rbac.target_tenant == context.tenant_id)
                # any 'access_as_shared' records that match the
                # wildcard or requesting tenant
-                is_shared = and_(rbac.action == 'access_as_shared',
+                is_shared = and_(rbac.action == constants.ACCESS_SHARED,
                                 or_(*matches))
                if not value[0]:
                    # NOTE(kevinbenton): we need to find objects that don't
--- a/releasenotes/notes/Move-RBAC-share-actions-to-lib-constants-736d881f127c83d7.yaml
+++ b/releasenotes/notes/Move-RBAC-share-actions-to-lib-constants-736d881f127c83d7.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add constants for RBAC sharing actions: ``ACCESS_SHARED``,
+    ``ACCESS_EXTERNAL``, and a new action ``ACCESS_READONLY``.