openstack
/
neutron-lib
Code Issues Proposed changes

Merge "Introduce rbac-address-scope api extension"

This commit is contained in:
Zuul 2020-02-28 02:56:16 +00:00 committed by Gerrit Code Review
parent c099a22789 1dfa07ccfd
commit 33b41fb595
7 changed files with 58 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
api-ref/source/v2/parameters.yaml
View File

@ -878,16 +878,17 @@ object_id-query:
description: | description: |
Filter the RBAC policy list result by the ID of the ``object_type`` Filter the RBAC policy list result by the ID of the ``object_type``
resource. An ``object_type`` of ``network`` returns a network ID, resource. An ``object_type`` of ``network`` returns a network ID,
an ``object_type`` of ``qos-policy`` returns a QoS policy ID, and an ``object_type`` of ``qos-policy`` returns a QoS policy ID,
an ``object_type`` of ``security-group`` returns a security group ID. an ``object_type`` of ``security-group`` returns a security group ID
and an `object_type`` of ``address-scope`` returns a address scope ID.
in: query in: query
required: false required: false
type: string type: string
object_type-query: object_type-query:
description: | description: |
Filter the RBAC policy list result by the type of the object that the Filter the RBAC policy list result by the type of the object that the
RBAC policy affects. Types include ``qos-policy``, ``network``, or RBAC policy affects. Types include ``qos-policy``, ``network``,
``security-group``. ``security-group`` or ``address-scope``.
in: query in: query
required: false required: false
type: string type: string

3
api-ref/source/v2/rbac-policy.inc
View File

@ -9,6 +9,9 @@ Lists, shows details for, creates, updates, and deletes RBAC policies.
The presence of the ``rbac-security-groups`` extension extends this The presence of the ``rbac-security-groups`` extension extends this
API to support object types of ``security_group``. API to support object types of ``security_group``.
The presence of the ``rbac-address-scope`` extension extends this
API to support object types of ``address-scope``.
Show RBAC policy details Show RBAC policy details
======================== ========================

2
neutron_lib/api/definitions/__init__.py
View File

@ -84,6 +84,7 @@ from neutron_lib.api.definitions import qos_gateway_ip
from neutron_lib.api.definitions import qos_port_network_policy from neutron_lib.api.definitions import qos_port_network_policy
from neutron_lib.api.definitions import qos_rule_type_details from neutron_lib.api.definitions import qos_rule_type_details
from neutron_lib.api.definitions import qos_rules_alias from neutron_lib.api.definitions import qos_rules_alias
from neutron_lib.api.definitions import rbac_address_scope
from neutron_lib.api.definitions import rbac_security_groups from neutron_lib.api.definitions import rbac_security_groups
from neutron_lib.api.definitions import revisionifmatch from neutron_lib.api.definitions import revisionifmatch
from neutron_lib.api.definitions import router_admin_state_down_before_update from neutron_lib.api.definitions import router_admin_state_down_before_update
@ -192,6 +193,7 @@ _ALL_API_DEFINITIONS = {
qos_port_network_policy, qos_port_network_policy,
qos_rule_type_details, qos_rule_type_details,
qos_rules_alias, qos_rules_alias,
rbac_address_scope,
rbac_security_groups, rbac_security_groups,
revisionifmatch, revisionifmatch,
router_admin_state_down_before_update, router_admin_state_down_before_update,

1
neutron_lib/api/definitions/base.py
View File

@ -129,6 +129,7 @@ KNOWN_EXTENSIONS = (
'qos-port-network-policy', 'qos-port-network-policy',
'qos-rules-alias', 'qos-rules-alias',
'quotas', 'quotas',
'rbac-address-scope',
'rbac-policies', 'rbac-policies',
'rbac-security-groups', 'rbac-security-groups',
'router', 'router',

25
neutron_lib/api/definitions/rbac_address_scope.py Normal file
View File

@ -0,0 +1,25 @@
# Copyright (c) 2020 Cloudification GmbH. All rights reserved.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
ALIAS = 'rbac-address-scope'
IS_SHIM_EXTENSION = True
IS_STANDARD_ATTR_EXTENSION = False
NAME = 'Add address_scope type to RBAC'
DESCRIPTION = 'Add address_scope type to RBAC'
UPDATED_TIMESTAMP = '2020-02-12T00:00:00-00:00'
RESOURCE_ATTRIBUTE_MAP = {}
SUB_RESOURCE_ATTRIBUTE_MAP = {}
ACTION_MAP = {}
REQUIRED_EXTENSIONS = ['rbac-policies', 'address-scope']
OPTIONAL_EXTENSIONS = []
ACTION_STATUS = {}

18
neutron_lib/tests/unit/api/definitions/test_rbac_address_scope.py Normal file
View File

@ -0,0 +1,18 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api.definitions import rbac_address_scope
from neutron_lib.tests.unit.api.definitions import base
class RbacAddressScopeDefinitionTestCase(base.DefinitionBaseTestCase):
extension_module = rbac_address_scope

4
releasenotes/notes/add-rbac-address-scope-dc4683772b205632.yaml Normal file
View File

@ -0,0 +1,4 @@
features:
- |
Added API definition for ``rbac-address-scope`` extension, which allows
sharing address scope between tenants via the network RBAC mechanism.