openstack/neutron-lib
Code Issues Proposed changes

Add security-group as parameter to RBAC api

Browse Source 
Partial-Bug: #1817119
Change-Id: I88fe8d3fd5ed6a2dafe3602182d595b8875bb15b
This commit is contained in:
Doug Wiegley 2019-02-06 13:45:43 -07:00
parent aceb7c50ed
commit c0a6d727c8
No known key found for this signature in database
GPG Key ID: 4D3C112B76BBDB5F
7 changed files with 57 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api-ref/source/v2/parameters.yaml
View File

@ -877,15 +877,17 @@ not-tags-query:
object_id-query: object_id-query:
description: | description: |
Filter the RBAC policy list result by the ID of the ``object_type`` Filter the RBAC policy list result by the ID of the ``object_type``
resource. An ``object_type`` of ``network`` returns a network ID and resource. An ``object_type`` of ``network`` returns a network ID,
an ``object_type`` of ``qos-policy`` returns a QoS policy ID. an ``object_type`` of ``qos-policy`` returns a QoS policy ID, and
an ``object_type`` of ``security-group`` returns a security group ID.
in: query in: query
required: false required: false
type: string type: string
object_type-query: object_type-query:
description: | description: |
Filter the RBAC policy list result by the type of the object that the Filter the RBAC policy list result by the type of the object that the
RBAC policy affects. Types include ``qos-policy`` or ``network``. RBAC policy affects. Types include ``qos-policy``, ``network``, or
``security-group``.
in: query in: query
required: false required: false
type: string type: string

3
api-ref/source/v2/rbac-policy.inc
View File

@ -6,6 +6,9 @@ RBAC Policies
Lists, shows details for, creates, updates, and deletes RBAC policies. Lists, shows details for, creates, updates, and deletes RBAC policies.
The presence of the ``rbac-security-groups`` extension extends this
API to support object types of ``security_group``.
Show RBAC policy details Show RBAC policy details
======================== ========================

2
neutron_lib/api/definitions/__init__.py
View File

@ -81,6 +81,7 @@ from neutron_lib.api.definitions import qos_default
from neutron_lib.api.definitions import qos_gateway_ip from neutron_lib.api.definitions import qos_gateway_ip
from neutron_lib.api.definitions import qos_rule_type_details from neutron_lib.api.definitions import qos_rule_type_details
from neutron_lib.api.definitions import qos_rules_alias from neutron_lib.api.definitions import qos_rules_alias
from neutron_lib.api.definitions import rbac_security_groups
from neutron_lib.api.definitions import revisionifmatch from neutron_lib.api.definitions import revisionifmatch
from neutron_lib.api.definitions import router_availability_zone from neutron_lib.api.definitions import router_availability_zone
from neutron_lib.api.definitions import router_interface_fip from neutron_lib.api.definitions import router_interface_fip
@ -179,6 +180,7 @@ _ALL_API_DEFINITIONS = {
qos_gateway_ip, qos_gateway_ip,
qos_rule_type_details, qos_rule_type_details,
qos_rules_alias, qos_rules_alias,
rbac_security_groups,
revisionifmatch, revisionifmatch,
router_availability_zone, router_availability_zone,
router_interface_fip, router_interface_fip,

1
neutron_lib/api/definitions/base.py
View File

@ -123,6 +123,7 @@ KNOWN_EXTENSIONS = (
'qos-rules-alias', 'qos-rules-alias',
'quotas', 'quotas',
'rbac-policies', 'rbac-policies',
'rbac-security-groups',
'router', 'router',
'router_availability_zone', 'router_availability_zone',
'security-group', 'security-group',

24
neutron_lib/api/definitions/rbac_security_groups.py Normal file
View File

@ -0,0 +1,24 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
ALIAS = 'rbac-security-groups'
IS_SHIM_EXTENSION = True
IS_STANDARD_ATTR_EXTENSION = False
NAME = 'Add security_group type to network RBAC'
DESCRIPTION = 'Add security_group type to network RBAC'
UPDATED_TIMESTAMP = '2019-02-14T00:00:00-00:00'
RESOURCE_ATTRIBUTE_MAP = {}
SUB_RESOURCE_ATTRIBUTE_MAP = {}
ACTION_MAP = {}
REQUIRED_EXTENSIONS = ['rbac-policies', 'security-group']
OPTIONAL_EXTENSIONS = []
ACTION_STATUS = {}

18
neutron_lib/tests/unit/api/definitions/test_rbac_security_groups.py Normal file
View File

@ -0,0 +1,18 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api.definitions import rbac_security_groups
from neutron_lib.tests.unit.api.definitions import base
class RbacSecurityGroupsDefinitionTestCase(base.DefinitionBaseTestCase):
extension_module = rbac_security_groups

4
releasenotes/notes/add-rbac-security-groups-2e47acd9eac3a320.yaml Normal file
View File

@ -0,0 +1,4 @@
features:
- |
Adds API definition for ``rbac-security-groups`` extension, which allows
sharing security groups between tenants via the network RBAC mechanism.