rbacs: clean-up to use defined constants ACCESS_*
Some files use the strings access_as_shared or access_as_external instead of the defined constants ACCESS_SHARED and ACCESS_EXTERNAL. This commit cleans that up; it does not bring any functional change. Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com> Change-Id: Ib75326c762776c5259740cb2f0abc1163842f95d
parent
232a67f444
commit
256297fc7f
@ -34,6 +34,7 @@ from oslo_log import log as logging
|
|||||||
from sqlalchemy.orm import exc
|
from sqlalchemy.orm import exc
|
||||||
|
|
||||||
from neutron.db import models_v2
|
from neutron.db import models_v2
|
||||||
|
from neutron.db import rbac_db_models
|
||||||
from neutron.objects import base as base_obj
|
from neutron.objects import base as base_obj
|
||||||
from neutron.objects import ports as port_obj
|
from neutron.objects import ports as port_obj
|
||||||
from neutron.objects import subnet as subnet_obj
|
from neutron.objects import subnet as subnet_obj
|
||||||
@ -347,7 +348,7 @@ class DbBasePluginCommon(object):
|
|||||||
# is shared to the calling tenant via an RBAC entry.
|
# is shared to the calling tenant via an RBAC entry.
|
||||||
matches = ('*',) + ((context.tenant_id,) if context else ())
|
matches = ('*',) + ((context.tenant_id,) if context else ())
|
||||||
for entry in rbac_entries:
|
for entry in rbac_entries:
|
||||||
if (entry.action == 'access_as_shared' and
|
if (entry.action == rbac_db_models.ACCESS_SHARED and
|
||||||
entry.target_project in matches):
|
entry.target_project in matches):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
@ -57,6 +57,7 @@ from neutron.db import db_base_plugin_common
|
|||||||
from neutron.db import ipam_pluggable_backend
|
from neutron.db import ipam_pluggable_backend
|
||||||
from neutron.db import models_v2
|
from neutron.db import models_v2
|
||||||
from neutron.db import rbac_db_mixin as rbac_mixin
|
from neutron.db import rbac_db_mixin as rbac_mixin
|
||||||
|
from neutron.db import rbac_db_models
|
||||||
from neutron.db import standardattrdescription_db as stattr_db
|
from neutron.db import standardattrdescription_db as stattr_db
|
||||||
from neutron.exceptions import mtu as mtu_exc
|
from neutron.exceptions import mtu as mtu_exc
|
||||||
from neutron.extensions import subnetpool_prefix_ops
|
from neutron.extensions import subnetpool_prefix_ops
|
||||||
@ -204,7 +205,8 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
policy = (payload.request_body if event == events.BEFORE_CREATE
|
policy = (payload.request_body if event == events.BEFORE_CREATE
|
||||||
else payload.latest_state)
|
else payload.latest_state)
|
||||||
|
|
||||||
if object_type != 'network' or policy['action'] != 'access_as_shared':
|
if (object_type != 'network' or
|
||||||
|
policy['action'] != rbac_db_models.ACCESS_SHARED):
|
||||||
# we only care about shared network policies
|
# we only care about shared network policies
|
||||||
return
|
return
|
||||||
# The object a policy targets cannot be changed so we can look
|
# The object a policy targets cannot be changed so we can look
|
||||||
@ -247,7 +249,8 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
# any port with another RBAC entry covering it or one belonging
|
# any port with another RBAC entry covering it or one belonging
|
||||||
# to the same tenant as the network owner is ok
|
# to the same tenant as the network owner is ok
|
||||||
other_rbac_objs = network_obj.NetworkRBAC.get_objects(
|
other_rbac_objs = network_obj.NetworkRBAC.get_objects(
|
||||||
elevated, object_id=network_id, action='access_as_shared')
|
elevated, object_id=network_id,
|
||||||
|
action=rbac_db_models.ACCESS_SHARED)
|
||||||
allowed_tenants = [rbac['target_project'] for rbac
|
allowed_tenants = [rbac['target_project'] for rbac
|
||||||
in other_rbac_objs
|
in other_rbac_objs
|
||||||
if rbac.target_project != tenant_id]
|
if rbac.target_project != tenant_id]
|
||||||
@ -259,7 +262,8 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
# allows any ports
|
# allows any ports
|
||||||
if network_obj.NetworkRBAC.get_object(
|
if network_obj.NetworkRBAC.get_object(
|
||||||
elevated, object_id=network_id,
|
elevated, object_id=network_id,
|
||||||
action='access_as_shared', target_project='*'):
|
action=rbac_db_models.ACCESS_SHARED,
|
||||||
|
target_project='*'):
|
||||||
return
|
return
|
||||||
ports = ports.filter(models_v2.Port.project_id == tenant_id)
|
ports = ports.filter(models_v2.Port.project_id == tenant_id)
|
||||||
if ports.count():
|
if ports.count():
|
||||||
@ -305,7 +309,8 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
def _validate_projects_have_access_to_network(self, network, project_ids):
|
def _validate_projects_have_access_to_network(self, network, project_ids):
|
||||||
ctx_admin = ctx.get_admin_context()
|
ctx_admin = ctx.get_admin_context()
|
||||||
other_rbac_objs = network_obj.NetworkRBAC.get_objects(
|
other_rbac_objs = network_obj.NetworkRBAC.get_objects(
|
||||||
ctx_admin, object_id=network.id, action='access_as_shared')
|
ctx_admin, object_id=network.id,
|
||||||
|
action=rbac_db_models.ACCESS_SHARED)
|
||||||
allowed_projects = {rbac['target_project'] for rbac in other_rbac_objs
|
allowed_projects = {rbac['target_project'] for rbac in other_rbac_objs
|
||||||
if rbac.target_project != '*'}
|
if rbac.target_project != '*'}
|
||||||
allowed_projects.add(network.project_id)
|
allowed_projects.add(network.project_id)
|
||||||
@ -419,7 +424,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
if n['shared']:
|
if n['shared']:
|
||||||
np_rbac_args = {'project_id': network.project_id,
|
np_rbac_args = {'project_id': network.project_id,
|
||||||
'object_id': network.id,
|
'object_id': network.id,
|
||||||
'action': 'access_as_shared',
|
'action': rbac_db_models.ACCESS_SHARED,
|
||||||
'target_project': '*'}
|
'target_project': '*'}
|
||||||
np_rbac_obj = network_obj.NetworkRBAC(context, **np_rbac_args)
|
np_rbac_obj = network_obj.NetworkRBAC(context, **np_rbac_args)
|
||||||
np_rbac_obj.create()
|
np_rbac_obj.create()
|
||||||
@ -437,7 +442,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
if 'shared' in n:
|
if 'shared' in n:
|
||||||
entry = None
|
entry = None
|
||||||
for item in network.rbac_entries:
|
for item in network.rbac_entries:
|
||||||
if (item.action == 'access_as_shared' and
|
if (item.action == rbac_db_models.ACCESS_SHARED and
|
||||||
item.target_project == '*'):
|
item.target_project == '*'):
|
||||||
entry = item
|
entry = item
|
||||||
break
|
break
|
||||||
@ -447,7 +452,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
if update_shared and not entry:
|
if update_shared and not entry:
|
||||||
np_rbac_args = {'project_id': network.project_id,
|
np_rbac_args = {'project_id': network.project_id,
|
||||||
'object_id': network.id,
|
'object_id': network.id,
|
||||||
'action': 'access_as_shared',
|
'action': rbac_db_models.ACCESS_SHARED,
|
||||||
'target_project': '*'}
|
'target_project': '*'}
|
||||||
np_rbac_obj = network_obj.NetworkRBAC(context,
|
np_rbac_obj = network_obj.NetworkRBAC(context,
|
||||||
**np_rbac_args)
|
**np_rbac_args)
|
||||||
@ -455,7 +460,8 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
|||||||
elif not update_shared and entry:
|
elif not update_shared and entry:
|
||||||
network_obj.NetworkRBAC.delete_objects(
|
network_obj.NetworkRBAC.delete_objects(
|
||||||
context, object_id=network.id,
|
context, object_id=network.id,
|
||||||
action='access_as_shared', target_project='*')
|
action=rbac_db_models.ACCESS_SHARED,
|
||||||
|
target_project='*')
|
||||||
|
|
||||||
# TODO(ihrachys) Below can be removed when we make sqlalchemy
|
# TODO(ihrachys) Below can be removed when we make sqlalchemy
|
||||||
# event listeners in neutron_lib/db/api.py to refresh expired
|
# event listeners in neutron_lib/db/api.py to refresh expired
|
||||||
|
@ -31,6 +31,7 @@ from sqlalchemy.sql import expression as expr
|
|||||||
|
|
||||||
from neutron._i18n import _
|
from neutron._i18n import _
|
||||||
from neutron.db import models_v2
|
from neutron.db import models_v2
|
||||||
|
from neutron.db import rbac_db_models
|
||||||
from neutron.extensions import rbac as rbac_ext
|
from neutron.extensions import rbac as rbac_ext
|
||||||
from neutron.objects import network as net_obj
|
from neutron.objects import network as net_obj
|
||||||
from neutron.objects import ports as port_obj
|
from neutron.objects import ports as port_obj
|
||||||
@ -47,7 +48,7 @@ def _network_filter_hook(context, original_model, conditions):
|
|||||||
# shared check so we don't need to worry about ensuring that
|
# shared check so we don't need to worry about ensuring that
|
||||||
rbac_model = original_model.rbac_entries.property.mapper.class_
|
rbac_model = original_model.rbac_entries.property.mapper.class_
|
||||||
tenant_allowed = (
|
tenant_allowed = (
|
||||||
(rbac_model.action == 'access_as_external') &
|
(rbac_model.action == rbac_db_models.ACCESS_EXTERNAL) &
|
||||||
(rbac_model.target_project == context.tenant_id) |
|
(rbac_model.target_project == context.tenant_id) |
|
||||||
(rbac_model.target_project == '*'))
|
(rbac_model.target_project == '*'))
|
||||||
conditions = expr.or_(tenant_allowed, *conditions)
|
conditions = expr.or_(tenant_allowed, *conditions)
|
||||||
@ -102,7 +103,7 @@ class External_net_db_mixin(object):
|
|||||||
context, network_id=net_data['id']).create()
|
context, network_id=net_data['id']).create()
|
||||||
net_rbac_args = {'project_id': net_data['tenant_id'],
|
net_rbac_args = {'project_id': net_data['tenant_id'],
|
||||||
'object_id': net_data['id'],
|
'object_id': net_data['id'],
|
||||||
'action': 'access_as_external',
|
'action': rbac_db_models.ACCESS_EXTERNAL,
|
||||||
'target_project': '*'}
|
'target_project': '*'}
|
||||||
net_obj.NetworkRBAC(context, **net_rbac_args).create()
|
net_obj.NetworkRBAC(context, **net_rbac_args).create()
|
||||||
net_data[extnet_apidef.EXTERNAL] = external
|
net_data[extnet_apidef.EXTERNAL] = external
|
||||||
@ -123,7 +124,7 @@ class External_net_db_mixin(object):
|
|||||||
if allow_all:
|
if allow_all:
|
||||||
net_rbac_args = {'project_id': net_data['tenant_id'],
|
net_rbac_args = {'project_id': net_data['tenant_id'],
|
||||||
'object_id': net_id,
|
'object_id': net_id,
|
||||||
'action': 'access_as_external',
|
'action': rbac_db_models.ACCESS_EXTERNAL,
|
||||||
'target_project': '*'}
|
'target_project': '*'}
|
||||||
net_obj.NetworkRBAC(context, **net_rbac_args).create()
|
net_obj.NetworkRBAC(context, **net_rbac_args).create()
|
||||||
else:
|
else:
|
||||||
@ -138,7 +139,8 @@ class External_net_db_mixin(object):
|
|||||||
net_obj.ExternalNetwork.delete_objects(
|
net_obj.ExternalNetwork.delete_objects(
|
||||||
context, network_id=net_id)
|
context, network_id=net_id)
|
||||||
net_obj.NetworkRBAC.delete_objects(
|
net_obj.NetworkRBAC.delete_objects(
|
||||||
context, object_id=net_id, action='access_as_external')
|
context, object_id=net_id,
|
||||||
|
action=rbac_db_models.ACCESS_EXTERNAL)
|
||||||
net_data[extnet_apidef.EXTERNAL] = False
|
net_data[extnet_apidef.EXTERNAL] = False
|
||||||
|
|
||||||
def _process_l3_delete(self, context, network_id):
|
def _process_l3_delete(self, context, network_id):
|
||||||
@ -154,7 +156,7 @@ class External_net_db_mixin(object):
|
|||||||
context = payload.context
|
context = payload.context
|
||||||
|
|
||||||
if (object_type != 'network' or
|
if (object_type != 'network' or
|
||||||
policy['action'] != 'access_as_external'):
|
policy['action'] != rbac_db_models.ACCESS_EXTERNAL):
|
||||||
return
|
return
|
||||||
net = self.get_network(context, policy['object_id'])
|
net = self.get_network(context, policy['object_id'])
|
||||||
if not context.is_admin and net['tenant_id'] != context.tenant_id:
|
if not context.is_admin and net['tenant_id'] != context.tenant_id:
|
||||||
@ -175,12 +177,12 @@ class External_net_db_mixin(object):
|
|||||||
context = payload.context
|
context = payload.context
|
||||||
|
|
||||||
if (object_type != 'network' or
|
if (object_type != 'network' or
|
||||||
policy['action'] != 'access_as_external'):
|
policy['action'] != rbac_db_models.ACCESS_EXTERNAL):
|
||||||
return
|
return
|
||||||
# If the network still have rbac policies, we should not
|
# If the network still have rbac policies, we should not
|
||||||
# update external attribute.
|
# update external attribute.
|
||||||
if net_obj.NetworkRBAC.count(context, object_id=policy['object_id'],
|
if net_obj.NetworkRBAC.count(context, object_id=policy['object_id'],
|
||||||
action='access_as_external'):
|
action=rbac_db_models.ACCESS_EXTERNAL):
|
||||||
return
|
return
|
||||||
net = self.get_network(context, policy['object_id'])
|
net = self.get_network(context, policy['object_id'])
|
||||||
self._process_l3_update(context, net,
|
self._process_l3_update(context, net,
|
||||||
@ -195,7 +197,7 @@ class External_net_db_mixin(object):
|
|||||||
context = payload.context
|
context = payload.context
|
||||||
|
|
||||||
if (object_type != 'network' or
|
if (object_type != 'network' or
|
||||||
policy['action'] != 'access_as_external'):
|
policy['action'] != rbac_db_models.ACCESS_EXTERNAL):
|
||||||
return
|
return
|
||||||
new_project = None
|
new_project = None
|
||||||
if event == events.BEFORE_UPDATE:
|
if event == events.BEFORE_UPDATE:
|
||||||
@ -215,7 +217,7 @@ class External_net_db_mixin(object):
|
|||||||
# router lookup because they will have access either way
|
# router lookup because they will have access either way
|
||||||
if net_obj.NetworkRBAC.count(
|
if net_obj.NetworkRBAC.count(
|
||||||
context, object_id=policy['object_id'],
|
context, object_id=policy['object_id'],
|
||||||
action='access_as_external', target_project='*'):
|
action=rbac_db_models.ACCESS_EXTERNAL, target_project='*'):
|
||||||
return
|
return
|
||||||
router_exist = l3_obj.Router.objects_exist(context, **filters)
|
router_exist = l3_obj.Router.objects_exist(context, **filters)
|
||||||
else:
|
else:
|
||||||
@ -230,7 +232,7 @@ class External_net_db_mixin(object):
|
|||||||
details=msg)
|
details=msg)
|
||||||
projects = net_obj.NetworkRBAC.get_projects(
|
projects = net_obj.NetworkRBAC.get_projects(
|
||||||
context, object_id=policy['object_id'],
|
context, object_id=policy['object_id'],
|
||||||
action='access_as_external')
|
action=rbac_db_models.ACCESS_EXTERNAL)
|
||||||
projects_with_entries = [project for project in projects
|
projects_with_entries = [project for project in projects
|
||||||
if project != '*']
|
if project != '*']
|
||||||
if new_project:
|
if new_project:
|
||||||
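Review bot: In `_network_filter_hook` the `tenant_allowed` expression mixes `&` and `|` with no inner grouping, so it evaluates as `(action == ACCESS_EXTERNAL & target_project == tenant_id) | (target_project == '*')`. The wildcard term therefore matches an RBAC row of any action, not only external ones. This predates the commit, and the hunk cuts off the function's start and its explanatory comment, so the grouping may be deliberate. Since the line is being touched anyway, make the intent explicit. Either group the two target checks under the action test, `(rbac_model.action == rbac_db_models.ACCESS_EXTERNAL) & ((rbac_model.target_project == context.tenant_id) | (rbac_model.target_project == '*'))`, or add a comment such as `# wildcard rows of any action are intentionally included` above the `|` term.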
|
@ -53,6 +53,7 @@ from neutron.db import l3_attrs_db
|
|||||||
from neutron.db.models import l3 as l3_models
|
from neutron.db.models import l3 as l3_models
|
||||||
from neutron.db.models import l3_attrs as l3_attrs_models
|
from neutron.db.models import l3_attrs as l3_attrs_models
|
||||||
from neutron.db import models_v2
|
from neutron.db import models_v2
|
||||||
|
from neutron.db import rbac_db_models
|
||||||
from neutron.db import standardattrdescription_db as st_attr
|
from neutron.db import standardattrdescription_db as st_attr
|
||||||
from neutron.extensions import l3
|
from neutron.extensions import l3
|
||||||
from neutron.extensions import segment as segment_ext
|
from neutron.extensions import segment as segment_ext
|
||||||
@ -884,7 +885,7 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
|
|||||||
with db_api.CONTEXT_READER.using(elevated):
|
with db_api.CONTEXT_READER.using(elevated):
|
||||||
rbac_allowed_projects = network_obj.NetworkRBAC.get_projects(
|
rbac_allowed_projects = network_obj.NetworkRBAC.get_projects(
|
||||||
elevated, object_id=subnet['network_id'],
|
elevated, object_id=subnet['network_id'],
|
||||||
action='access_as_shared',
|
action=rbac_db_models.ACCESS_SHARED,
|
||||||
target_project=context.project_id)
|
target_project=context.project_id)
|
||||||
|
|
||||||
# Fail if the current project_id is NOT in the allowed
|
# Fail if the current project_id is NOT in the allowed
|
||||||
|
@ -20,6 +20,7 @@ from neutron_lib import exceptions as n_exc
|
|||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_utils import uuidutils
|
from oslo_utils import uuidutils
|
||||||
|
|
||||||
|
from neutron.db import rbac_db_models
|
||||||
from neutron.objects import network as network_obj
|
from neutron.objects import network as network_obj
|
||||||
from neutron.plugins.ml2 import plugin as ml2_plugin
|
from neutron.plugins.ml2 import plugin as ml2_plugin
|
||||||
from neutron import quota
|
from neutron import quota
|
||||||
@ -96,9 +97,9 @@ class NetworkRBACTestCase(testlib_api.SqlTestCase):
|
|||||||
|
|
||||||
def _check_rbac(self, network_id, is_none, external):
|
def _check_rbac(self, network_id, is_none, external):
|
||||||
if external:
|
if external:
|
||||||
action = 'access_as_external'
|
action = rbac_db_models.ACCESS_EXTERNAL
|
||||||
else:
|
else:
|
||||||
action = 'access_as_shared'
|
action = rbac_db_models.ACCESS_SHARED
|
||||||
rbac = network_obj.NetworkRBAC.get_object(
|
rbac = network_obj.NetworkRBAC.get_object(
|
||||||
self.ctx, object_id=network_id, action=action, target_project='*')
|
self.ctx, object_id=network_id, action=action, target_project='*')
|
||||||
if is_none:
|
if is_none:
|
||||||
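Review bot: Now that `_check_rbac` takes its action from `rbac_db_models.ACCESS_EXTERNAL` and `rbac_db_models.ACCESS_SHARED`, no test visible in this commit pins the literal values `'access_as_external'` and `'access_as_shared'`. The same applies to the test changes in `TestNetworksV2`, `DbModelMixin` and `NetworkRbacTestcase`. The plugin hunks compare these values against `policy['action']` from the request body and use them to filter stored RBAC entries. An accidental edit to a constant would therefore keep every test green while no longer matching existing rows or client requests. The constant definitions are not part of this diff, so an existing guard cannot be ruled out. If there is none, add one assertion per constant, e.g. `self.assertEqual('access_as_shared', rbac_db_models.ACCESS_SHARED)` and `self.assertEqual('access_as_external', rbac_db_models.ACCESS_EXTERNAL)`. The body of `_check_rbac` continues past the end of this hunk.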
|
@ -61,6 +61,7 @@ from neutron.db import ipam_backend_mixin
|
|||||||
from neutron.db.models import l3 as l3_models
|
from neutron.db.models import l3 as l3_models
|
||||||
from neutron.db.models import securitygroup as sg_models
|
from neutron.db.models import securitygroup as sg_models
|
||||||
from neutron.db import models_v2
|
from neutron.db import models_v2
|
||||||
|
from neutron.db import rbac_db_models
|
||||||
from neutron.exceptions import mtu as mtu_exc
|
from neutron.exceptions import mtu as mtu_exc
|
||||||
from neutron.ipam.drivers.neutrondb_ipam import driver as ipam_driver
|
from neutron.ipam.drivers.neutrondb_ipam import driver as ipam_driver
|
||||||
from neutron.ipam import exceptions as ipam_exc
|
from neutron.ipam import exceptions as ipam_exc
|
||||||
@ -2898,12 +2899,12 @@ class TestNetworksV2(NeutronDbPluginV2TestCase):
|
|||||||
with db_api.CONTEXT_WRITER.using(ctx):
|
with db_api.CONTEXT_WRITER.using(ctx):
|
||||||
network_obj.NetworkRBAC(
|
network_obj.NetworkRBAC(
|
||||||
ctx, object_id=network['network']['id'],
|
ctx, object_id=network['network']['id'],
|
||||||
action='access_as_shared',
|
action=rbac_db_models.ACCESS_SHARED,
|
||||||
project_id=network['network']['tenant_id'],
|
project_id=network['network']['tenant_id'],
|
||||||
target_project='somebody_else').create()
|
target_project='somebody_else').create()
|
||||||
network_obj.NetworkRBAC(
|
network_obj.NetworkRBAC(
|
||||||
ctx, object_id=network['network']['id'],
|
ctx, object_id=network['network']['id'],
|
||||||
action='access_as_shared',
|
action=rbac_db_models.ACCESS_SHARED,
|
||||||
project_id=network['network']['tenant_id'],
|
project_id=network['network']['tenant_id'],
|
||||||
target_project='one_more_somebody_else').create()
|
target_project='one_more_somebody_else').create()
|
||||||
res1 = self._create_port(self.fmt,
|
res1 = self._create_port(self.fmt,
|
||||||
@ -6700,7 +6701,7 @@ class DbModelMixin(object):
|
|||||||
|
|
||||||
network_obj.NetworkRBAC(
|
network_obj.NetworkRBAC(
|
||||||
ctx, object_id=network.id,
|
ctx, object_id=network.id,
|
||||||
action='access_as_shared',
|
action=rbac_db_models.ACCESS_SHARED,
|
||||||
project_id=network.project_id,
|
project_id=network.project_id,
|
||||||
target_project='*').create()
|
target_project='*').create()
|
||||||
net2 = models_v2.Network(name="net_net2", status="OK",
|
net2 = models_v2.Network(name="net_net2", status="OK",
|
||||||
|
@ -34,7 +34,8 @@ class NetworkRbacTestcase(test_plugin.NeutronDbPluginV2TestCase):
|
|||||||
self.context = context.get_admin_context()
|
self.context = context.get_admin_context()
|
||||||
super(NetworkRbacTestcase, self).setUp(plugin='ml2')
|
super(NetworkRbacTestcase, self).setUp(plugin='ml2')
|
||||||
|
|
||||||
def _make_networkrbac(self, network, target, action='access_as_shared'):
|
def _make_networkrbac(self, network, target,
|
||||||
|
action=rbac_db_models.ACCESS_SHARED):
|
||||||
policy = {
|
policy = {
|
||||||
'rbac_policy': {'project_id': network['network']['project_id'],
|
'rbac_policy': {'project_id': network['network']['project_id'],
|
||||||
'object_id': network['network']['id'],
|
'object_id': network['network']['id'],
|
||||||
@ -71,7 +72,7 @@ class NetworkRbacTestcase(test_plugin.NeutronDbPluginV2TestCase):
|
|||||||
self._assert_external_net_state(net_id, is_external=False)
|
self._assert_external_net_state(net_id, is_external=False)
|
||||||
policy = self._make_networkrbac(ext_net,
|
policy = self._make_networkrbac(ext_net,
|
||||||
'*',
|
'*',
|
||||||
'access_as_external')
|
rbac_db_models.ACCESS_EXTERNAL)
|
||||||
self.plugin.create_rbac_policy(self.context, policy)
|
self.plugin.create_rbac_policy(self.context, policy)
|
||||||
self._assert_external_net_state(net_id, is_external=True)
|
self._assert_external_net_state(net_id, is_external=True)
|
||||||
|
|
||||||
@ -96,7 +97,7 @@ class NetworkRbacTestcase(test_plugin.NeutronDbPluginV2TestCase):
|
|||||||
with self.network() as ext_net:
|
with self.network() as ext_net:
|
||||||
policy = self._make_networkrbac(ext_net,
|
policy = self._make_networkrbac(ext_net,
|
||||||
orig_target,
|
orig_target,
|
||||||
'access_as_external')
|
rbac_db_models.ACCESS_EXTERNAL)
|
||||||
netrbac = self.plugin.create_rbac_policy(self.context, policy)
|
netrbac = self.plugin.create_rbac_policy(self.context, policy)
|
||||||
update_policy = {'rbac_policy': {'target_project': new_target}}
|
update_policy = {'rbac_policy': {'target_project': new_target}}
|
||||||
|
|
||||||
@ -114,7 +115,7 @@ class NetworkRbacTestcase(test_plugin.NeutronDbPluginV2TestCase):
|
|||||||
self._assert_external_net_state(net_id, is_external=False)
|
self._assert_external_net_state(net_id, is_external=False)
|
||||||
policy = self._make_networkrbac(ext_net,
|
policy = self._make_networkrbac(ext_net,
|
||||||
'*',
|
'*',
|
||||||
'access_as_external')
|
rbac_db_models.ACCESS_EXTERNAL)
|
||||||
net_rbac = self.plugin.create_rbac_policy(self.context, policy)
|
net_rbac = self.plugin.create_rbac_policy(self.context, policy)
|
||||||
self._assert_external_net_state(net_id, is_external=True)
|
self._assert_external_net_state(net_id, is_external=True)
|
||||||
self.plugin.delete_rbac_policy(self.context, net_rbac['id'])
|
self.plugin.delete_rbac_policy(self.context, net_rbac['id'])
|
||||||
@ -126,12 +127,12 @@ class NetworkRbacTestcase(test_plugin.NeutronDbPluginV2TestCase):
|
|||||||
self._assert_external_net_state(net_id, is_external=False)
|
self._assert_external_net_state(net_id, is_external=False)
|
||||||
policy1 = self._make_networkrbac(ext_net,
|
policy1 = self._make_networkrbac(ext_net,
|
||||||
'test-tenant-1',
|
'test-tenant-1',
|
||||||
'access_as_external')
|
rbac_db_models.ACCESS_EXTERNAL)
|
||||||
net_rbac1 = self.plugin.create_rbac_policy(self.context, policy1)
|
net_rbac1 = self.plugin.create_rbac_policy(self.context, policy1)
|
||||||
self._assert_external_net_state(net_id, is_external=True)
|
self._assert_external_net_state(net_id, is_external=True)
|
||||||
policy2 = self._make_networkrbac(ext_net,
|
policy2 = self._make_networkrbac(ext_net,
|
||||||
'test-tenant-2',
|
'test-tenant-2',
|
||||||
'access_as_external')
|
rbac_db_models.ACCESS_EXTERNAL)
|
||||||
self.plugin.create_rbac_policy(self.context, policy2)
|
self.plugin.create_rbac_policy(self.context, policy2)
|
||||||
self._assert_external_net_state(net_id, is_external=True)
|
self._assert_external_net_state(net_id, is_external=True)
|
||||||
self.plugin.delete_rbac_policy(self.context, net_rbac1['id'])
|
self.plugin.delete_rbac_policy(self.context, net_rbac1['id'])
|
||||||
|