diff --git a/neutron_lib/api/definitions/__init__.py b/neutron_lib/api/definitions/__init__.py index d30d3d53d..a0fcc577b 100644 --- a/neutron_lib/api/definitions/__init__.py +++ b/neutron_lib/api/definitions/__init__.py @@ -89,6 +89,7 @@ from neutron_lib.api.definitions import sorting from neutron_lib.api.definitions import standard_attr_segment from neutron_lib.api.definitions import subnet from neutron_lib.api.definitions import subnet_onboard +from neutron_lib.api.definitions import subnet_segmentid_enforce from neutron_lib.api.definitions import subnet_segmentid_writable from neutron_lib.api.definitions import subnetpool from neutron_lib.api.definitions import trunk @@ -180,6 +181,7 @@ _ALL_API_DEFINITIONS = { standard_attr_segment, subnet, subnet_onboard, + subnet_segmentid_enforce, subnet_segmentid_writable, subnetpool, trunk, diff --git a/neutron_lib/api/definitions/base.py b/neutron_lib/api/definitions/base.py index 85d2a4e79..9be42183a 100644 --- a/neutron_lib/api/definitions/base.py +++ b/neutron_lib/api/definitions/base.py @@ -129,6 +129,7 @@ KNOWN_EXTENSIONS = ( 'standard-attr-timestamp', 'subnet_allocation', 'subnet_onboard', + 'subnet-segmentid-enforce', 'subnet-segmentid-writable', 'tag', 'trunk', diff --git a/neutron_lib/api/definitions/subnet_segmentid_enforce.py b/neutron_lib/api/definitions/subnet_segmentid_enforce.py new file mode 100644 index 000000000..ddb5a8777 --- /dev/null +++ b/neutron_lib/api/definitions/subnet_segmentid_enforce.py @@ -0,0 +1,79 @@ +# Copyright 2018 AT&T Corporation. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import copy + +from neutron_lib.api.definitions import segment +from neutron_lib.api.definitions import subnet +from neutron_lib.api.definitions import subnet_segmentid_writable + + +# The alias of the extension. +ALIAS = 'subnet-segmentid-enforce' + +# Whether or not this extension is simply signaling behavior to the user +# or it actively modifies the attribute map. +IS_SHIM_EXTENSION = False + +# Whether the extension is marking the adoption of standardattr model for +# legacy resources, or introducing new standardattr attributes. False or +# None if the standardattr model is adopted since the introduction of +# resource extension. +# If this is True, the alias for the extension should be prefixed with +# 'standard-attr-'. +IS_STANDARD_ATTR_EXTENSION = False + +# The name of the extension. +NAME = 'Subnet SegmentID (policy enforced)' + +# A prefix for API resources. An empty prefix means that the API is going +# to be exposed at the v2/ level as any other core resource. +API_PREFIX = '' + +# The description of the extension. +DESCRIPTION = "Enforce segment_id policy rule." + +# A timestamp of when the extension was introduced. +UPDATED_TIMESTAMP = "2018-09-04T00:00:00-00:00" + +segment_id_attr_info = copy.deepcopy( + subnet_segmentid_writable.RESOURCE_ATTRIBUTE_MAP[ + subnet.COLLECTION_NAME][segment.SEGMENT_ID]) +segment_id_attr_info['enforce_policy'] = True + +RESOURCE_ATTRIBUTE_MAP = { + subnet.COLLECTION_NAME: { + segment.SEGMENT_ID: segment_id_attr_info + } +} + +# The subresource attribute map for the extension. It adds child resources +# to main extension's resource. The subresource map must have a parent and +# a parameters entry. If an extension does not need such a map, None can +# be specified (mandatory). +SUB_RESOURCE_ATTRIBUTE_MAP = {} + +# The action map: it associates verbs with methods to be performed on +# the API resource. +ACTION_MAP = {} + +# The action status. +ACTION_STATUS = {} + +# The list of required extensions. +REQUIRED_EXTENSIONS = [subnet_segmentid_writable.ALIAS] + +# The list of optional extensions. +OPTIONAL_EXTENSIONS = [] diff --git a/neutron_lib/tests/unit/api/definitions/test_subnet_segmentid_enforce.py b/neutron_lib/tests/unit/api/definitions/test_subnet_segmentid_enforce.py new file mode 100644 index 000000000..4a3fcd658 --- /dev/null +++ b/neutron_lib/tests/unit/api/definitions/test_subnet_segmentid_enforce.py @@ -0,0 +1,23 @@ +# Copyright 2018 AT&T Corporation. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from neutron_lib.api.definitions import segment +from neutron_lib.api.definitions import subnet_segmentid_enforce +from neutron_lib.tests.unit.api.definitions import base + + +class SubnetSegmentIDEnforceDefinitionTestCase(base.DefinitionBaseTestCase): + extension_module = subnet_segmentid_enforce + extension_attributes = (segment.SEGMENT_ID,) diff --git a/releasenotes/notes/subnet_segment_id_policy_enforce-cd8053c51417d373.yaml b/releasenotes/notes/subnet_segment_id_policy_enforce-cd8053c51417d373.yaml new file mode 100644 index 000000000..75f9deff1 --- /dev/null +++ b/releasenotes/notes/subnet_segment_id_policy_enforce-cd8053c51417d373.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Change API to enforce policy rules for subnet entities with specified + segment_ids, to fix a broken implementation of that policy enforcement. + Bug: `1784259 `_ +