Introduce rbac-subnetpool api extension

This extension makes it possible to add subnetpools to RBAC policies. Change-Id: I1238430c40fe7132bad4eea573a638c0c47a5e78 Depends-On: https://review.openstack.org/707407 Partial-Bug: #1862032
2020-02-05 17:50:47 +02:00 · 2020-02-05 17:50:47 +02:00 · ae5eb24c78
parent 1dfa07ccfd
commit ae5eb24c78
7 changed files with 57 additions and 3 deletions
--- a/api-ref/source/v2/parameters.yaml
+++ b/api-ref/source/v2/parameters.yaml
@ -879,8 +879,9 @@ object_id-query:
    Filter the RBAC policy list result by the ID of the ``object_type``
    resource. An ``object_type`` of ``network`` returns a network ID,
    an ``object_type`` of ``qos-policy`` returns a QoS policy ID,
-    an ``object_type`` of ``security-group`` returns a security group ID
-    and an `object_type`` of ``address-scope`` returns a address scope ID.
+    an ``object_type`` of ``security-group`` returns a security group ID,
+    an `object_type`` of ``address-scope`` returns a address scope ID
+    and an ``object_type`` of ``subnetpool`` returns a subnetpool ID.
  in: query
  required: false
  type: string
@ -888,7 +889,7 @@ object_type-query:
  description: |
    Filter the RBAC policy list result by the type of the object that the
    RBAC policy affects. Types include ``qos-policy``, ``network``,
-    ``security-group`` or ``address-scope``.
+    ``security-group``, ``address-scope`` or ``subnetpool``.
  in: query
  required: false
  type: string
--- a/api-ref/source/v2/rbac-policy.inc
+++ b/api-ref/source/v2/rbac-policy.inc
@ -12,6 +12,9 @@ API to support object types of ``security_group``.
 The presence of the ``rbac-address-scope`` extension extends this
 API to support object types of ``address-scope``.

+The presence of the ``rbac-subnetpool`` extension extends this
+API to support object types of ``subnetpool``.
+
 Show RBAC policy details
 ========================

--- a/neutron_lib/api/definitions/init.py
+++ b/neutron_lib/api/definitions/init.py
@ -86,6 +86,7 @@ from neutron_lib.api.definitions import qos_rule_type_details
 from neutron_lib.api.definitions import qos_rules_alias
 from neutron_lib.api.definitions import rbac_address_scope
 from neutron_lib.api.definitions import rbac_security_groups
+from neutron_lib.api.definitions import rbac_subnetpool
 from neutron_lib.api.definitions import revisionifmatch
 from neutron_lib.api.definitions import router_admin_state_down_before_update
 from neutron_lib.api.definitions import router_availability_zone
@ -195,6 +196,7 @@ _ALL_API_DEFINITIONS = {
    qos_rules_alias,
    rbac_address_scope,
    rbac_security_groups,
+    rbac_subnetpool,
    revisionifmatch,
    router_admin_state_down_before_update,
    router_availability_zone,
--- a/neutron_lib/api/definitions/base.py
+++ b/neutron_lib/api/definitions/base.py
@ -132,6 +132,7 @@ KNOWN_EXTENSIONS = (
    'rbac-address-scope',
    'rbac-policies',
    'rbac-security-groups',
+    'rbac-subnetpool',
    'router',
    'router_availability_zone',
    'security-group',
--- a/neutron_lib/api/definitions/rbac_subnetpool.py
+++ b/neutron_lib/api/definitions/rbac_subnetpool.py
@ -0,0 +1,25 @@
+#    Copyright (c) 2020 Cloudification GmbH.  All rights reserved.
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+ALIAS = 'rbac-subnetpool'
+IS_SHIM_EXTENSION = True
+IS_STANDARD_ATTR_EXTENSION = False
+NAME = 'Add subnetpool type to RBAC'
+DESCRIPTION = 'Add subnetpool type to RBAC'
+UPDATED_TIMESTAMP = '2020-02-05T00:00:00-00:00'
+RESOURCE_ATTRIBUTE_MAP = {}
+SUB_RESOURCE_ATTRIBUTE_MAP = {}
+ACTION_MAP = {}
+REQUIRED_EXTENSIONS = ['rbac-policies', 'rbac-address-scope']
+OPTIONAL_EXTENSIONS = []
+ACTION_STATUS = {}
--- a/neutron_lib/tests/unit/api/definitions/test_rbac_subnetpool.py
+++ b/neutron_lib/tests/unit/api/definitions/test_rbac_subnetpool.py
@ -0,0 +1,18 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api.definitions import rbac_subnetpool
+from neutron_lib.tests.unit.api.definitions import base
+
+
+class RbacSubnetPoolDefinitionTestCase(base.DefinitionBaseTestCase):
+    extension_module = rbac_subnetpool
--- a/releasenotes/notes/add-rbac-subnetpool-bb63d4cef1d06e73.yaml
+++ b/releasenotes/notes/add-rbac-subnetpool-bb63d4cef1d06e73.yaml
@ -0,0 +1,4 @@
+features:
+  - |
+    Added API definition for ``rbac-subnetpool`` extension, which allows
+    sharing subnetpool between tenants via the network RBAC mechanism.