Browse Source

Add security-group as parameter to RBAC api

Partial-Bug: #1817119
Change-Id: I88fe8d3fd5ed6a2dafe3602182d595b8875bb15b
changes/13/635313/6
Doug Wiegley 3 years ago
parent
commit
c0a6d727c8
No known key found for this signature in database GPG Key ID: 4D3C112B76BBDB5F
  1. 8
      api-ref/source/v2/parameters.yaml
  2. 3
      api-ref/source/v2/rbac-policy.inc
  3. 2
      neutron_lib/api/definitions/__init__.py
  4. 1
      neutron_lib/api/definitions/base.py
  5. 24
      neutron_lib/api/definitions/rbac_security_groups.py
  6. 18
      neutron_lib/tests/unit/api/definitions/test_rbac_security_groups.py
  7. 4
      releasenotes/notes/add-rbac-security-groups-2e47acd9eac3a320.yaml

8
api-ref/source/v2/parameters.yaml

@ -877,15 +877,17 @@ not-tags-query:
object_id-query:
description: |
Filter the RBAC policy list result by the ID of the ``object_type``
resource. An ``object_type`` of ``network`` returns a network ID and
an ``object_type`` of ``qos-policy`` returns a QoS policy ID.
resource. An ``object_type`` of ``network`` returns a network ID,
an ``object_type`` of ``qos-policy`` returns a QoS policy ID, and
an ``object_type`` of ``security-group`` returns a security group ID.
in: query
required: false
type: string
object_type-query:
description: |
Filter the RBAC policy list result by the type of the object that the
RBAC policy affects. Types include ``qos-policy`` or ``network``.
RBAC policy affects. Types include ``qos-policy``, ``network``, or
``security-group``.
in: query
required: false
type: string

3
api-ref/source/v2/rbac-policy.inc

@ -6,6 +6,9 @@ RBAC Policies
Lists, shows details for, creates, updates, and deletes RBAC policies.
The presence of the ``rbac-security-groups`` extension extends this
API to support object types of ``security_group``.
Show RBAC policy details
========================

2
neutron_lib/api/definitions/__init__.py

@ -81,6 +81,7 @@ from neutron_lib.api.definitions import qos_default
from neutron_lib.api.definitions import qos_gateway_ip
from neutron_lib.api.definitions import qos_rule_type_details
from neutron_lib.api.definitions import qos_rules_alias
from neutron_lib.api.definitions import rbac_security_groups
from neutron_lib.api.definitions import revisionifmatch
from neutron_lib.api.definitions import router_availability_zone
from neutron_lib.api.definitions import router_interface_fip
@ -179,6 +180,7 @@ _ALL_API_DEFINITIONS = {
qos_gateway_ip,
qos_rule_type_details,
qos_rules_alias,
rbac_security_groups,
revisionifmatch,
router_availability_zone,
router_interface_fip,

1
neutron_lib/api/definitions/base.py

@ -123,6 +123,7 @@ KNOWN_EXTENSIONS = (
'qos-rules-alias',
'quotas',
'rbac-policies',
'rbac-security-groups',
'router',
'router_availability_zone',
'security-group',

24
neutron_lib/api/definitions/rbac_security_groups.py

@ -0,0 +1,24 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
ALIAS = 'rbac-security-groups'
IS_SHIM_EXTENSION = True
IS_STANDARD_ATTR_EXTENSION = False
NAME = 'Add security_group type to network RBAC'
DESCRIPTION = 'Add security_group type to network RBAC'
UPDATED_TIMESTAMP = '2019-02-14T00:00:00-00:00'
RESOURCE_ATTRIBUTE_MAP = {}
SUB_RESOURCE_ATTRIBUTE_MAP = {}
ACTION_MAP = {}
REQUIRED_EXTENSIONS = ['rbac-policies', 'security-group']
OPTIONAL_EXTENSIONS = []
ACTION_STATUS = {}

18
neutron_lib/tests/unit/api/definitions/test_rbac_security_groups.py

@ -0,0 +1,18 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api.definitions import rbac_security_groups
from neutron_lib.tests.unit.api.definitions import base
class RbacSecurityGroupsDefinitionTestCase(base.DefinitionBaseTestCase):
extension_module = rbac_security_groups

4
releasenotes/notes/add-rbac-security-groups-2e47acd9eac3a320.yaml

@ -0,0 +1,4 @@
features:
- |
Adds API definition for ``rbac-security-groups`` extension, which allows
sharing security groups between tenants via the network RBAC mechanism.
Loading…
Cancel
Save