Browse Source

Introduce rbac-subnetpool api extension

This extension makes it possible to add subnetpools to RBAC policies.

Change-Id: I1238430c40fe7132bad4eea573a638c0c47a5e78
Depends-On: https://review.openstack.org/707407
Partial-Bug: #1862032
tags/2.2.0
Igor Malinovskiy 9 months ago
parent
commit
ae5eb24c78
7 changed files with 57 additions and 3 deletions
  1. +4
    -3
      api-ref/source/v2/parameters.yaml
  2. +3
    -0
      api-ref/source/v2/rbac-policy.inc
  3. +2
    -0
      neutron_lib/api/definitions/__init__.py
  4. +1
    -0
      neutron_lib/api/definitions/base.py
  5. +25
    -0
      neutron_lib/api/definitions/rbac_subnetpool.py
  6. +18
    -0
      neutron_lib/tests/unit/api/definitions/test_rbac_subnetpool.py
  7. +4
    -0
      releasenotes/notes/add-rbac-subnetpool-bb63d4cef1d06e73.yaml

+ 4
- 3
api-ref/source/v2/parameters.yaml View File

@@ -879,8 +879,9 @@ object_id-query:
Filter the RBAC policy list result by the ID of the ``object_type``
resource. An ``object_type`` of ``network`` returns a network ID,
an ``object_type`` of ``qos-policy`` returns a QoS policy ID,
an ``object_type`` of ``security-group`` returns a security group ID
and an `object_type`` of ``address-scope`` returns a address scope ID.
an ``object_type`` of ``security-group`` returns a security group ID,
an `object_type`` of ``address-scope`` returns a address scope ID
and an ``object_type`` of ``subnetpool`` returns a subnetpool ID.
in: query
required: false
type: string
@@ -888,7 +889,7 @@ object_type-query:
description: |
Filter the RBAC policy list result by the type of the object that the
RBAC policy affects. Types include ``qos-policy``, ``network``,
``security-group`` or ``address-scope``.
``security-group``, ``address-scope`` or ``subnetpool``.
in: query
required: false
type: string


+ 3
- 0
api-ref/source/v2/rbac-policy.inc View File

@@ -12,6 +12,9 @@ API to support object types of ``security_group``.
The presence of the ``rbac-address-scope`` extension extends this
API to support object types of ``address-scope``.

The presence of the ``rbac-subnetpool`` extension extends this
API to support object types of ``subnetpool``.

Show RBAC policy details
========================



+ 2
- 0
neutron_lib/api/definitions/__init__.py View File

@@ -86,6 +86,7 @@ from neutron_lib.api.definitions import qos_rule_type_details
from neutron_lib.api.definitions import qos_rules_alias
from neutron_lib.api.definitions import rbac_address_scope
from neutron_lib.api.definitions import rbac_security_groups
from neutron_lib.api.definitions import rbac_subnetpool
from neutron_lib.api.definitions import revisionifmatch
from neutron_lib.api.definitions import router_admin_state_down_before_update
from neutron_lib.api.definitions import router_availability_zone
@@ -195,6 +196,7 @@ _ALL_API_DEFINITIONS = {
qos_rules_alias,
rbac_address_scope,
rbac_security_groups,
rbac_subnetpool,
revisionifmatch,
router_admin_state_down_before_update,
router_availability_zone,


+ 1
- 0
neutron_lib/api/definitions/base.py View File

@@ -132,6 +132,7 @@ KNOWN_EXTENSIONS = (
'rbac-address-scope',
'rbac-policies',
'rbac-security-groups',
'rbac-subnetpool',
'router',
'router_availability_zone',
'security-group',


+ 25
- 0
neutron_lib/api/definitions/rbac_subnetpool.py View File

@@ -0,0 +1,25 @@
# Copyright (c) 2020 Cloudification GmbH. All rights reserved.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

ALIAS = 'rbac-subnetpool'
IS_SHIM_EXTENSION = True
IS_STANDARD_ATTR_EXTENSION = False
NAME = 'Add subnetpool type to RBAC'
DESCRIPTION = 'Add subnetpool type to RBAC'
UPDATED_TIMESTAMP = '2020-02-05T00:00:00-00:00'
RESOURCE_ATTRIBUTE_MAP = {}
SUB_RESOURCE_ATTRIBUTE_MAP = {}
ACTION_MAP = {}
REQUIRED_EXTENSIONS = ['rbac-policies', 'rbac-address-scope']
OPTIONAL_EXTENSIONS = []
ACTION_STATUS = {}

+ 18
- 0
neutron_lib/tests/unit/api/definitions/test_rbac_subnetpool.py View File

@@ -0,0 +1,18 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from neutron_lib.api.definitions import rbac_subnetpool
from neutron_lib.tests.unit.api.definitions import base


class RbacSubnetPoolDefinitionTestCase(base.DefinitionBaseTestCase):
extension_module = rbac_subnetpool

+ 4
- 0
releasenotes/notes/add-rbac-subnetpool-bb63d4cef1d06e73.yaml View File

@@ -0,0 +1,4 @@
features:
- |
Added API definition for ``rbac-subnetpool`` extension, which allows
sharing subnetpool between tenants via the network RBAC mechanism.

Loading…
Cancel
Save