python-openstackclient/doc/source/command-objects/network-rbac.rst

============
network rbac
============

A **network rbac** is a Role-Based Access Control (RBAC) policy for
network resources. It enables both operators and users to grant access
to network resources for specific projects.

Network v2

network rbac create
-------------------

Create network RBAC policy

.. program:: network rbac create
.. code:: bash

    os network rbac create
        --type <type>
        --action <action>
        --target-project <target-project> [--target-project-domain <target-project-domain>]
        [--project <project> [--project-domain <project-domain>]]
        <rbac-policy>

.. option:: --type <type>

    Type of the object that RBAC policy affects ("qos_policy" or "network") (required)

.. option:: --action <action>

    Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)

.. option:: --target-project <target-project>

    The project to which the RBAC policy will be enforced (name or ID) (required)

.. option:: --target-project-domain <target-project-domain>

    Domain the target project belongs to (name or ID).
    This can be used in case collisions between project names exist.

.. option:: --project <project>

    The owner project (name or ID)

.. option:: --project-domain <project-domain>

    Domain the project belongs to (name or ID).
    This can be used in case collisions between project names exist.

.. _network_rbac_create-rbac-policy:
.. describe:: <rbac-object>

    The object to which this RBAC policy affects (name or ID for network objects, ID only for QoS policy objects)

network rbac delete
-------------------

Delete network RBAC policy(s)

.. program:: network rbac delete
.. code:: bash

    os network rbac delete
        <rbac-policy> [<rbac-policy> ...]

.. _network_rbac_delete-rbac-policy:
.. describe:: <rbac-policy>

    RBAC policy(s) to delete (ID only)

network rbac list
-----------------

List network RBAC policies

.. program:: network rbac list
.. code:: bash

    os network rbac list

network rbac set
----------------

Set network RBAC policy properties

.. program:: network rbac set
.. code:: bash

    os network rbac set
        [--target-project <target-project> [--target-project-domain <target-project-domain>]]
        <rbac-policy>

.. option:: --target-project <target-project>

    The project to which the RBAC policy will be enforced (name or ID)

.. option:: --target-project-domain <target-project-domain>

    Domain the target project belongs to (name or ID).
    This can be used in case collisions between project names exist.

.. _network_rbac_set-rbac-policy:
.. describe:: <rbac-policy>

    RBAC policy to be modified (ID only)

network rbac show
-----------------

Display network RBAC policy details

.. program:: network rbac show
.. code:: bash

    os network rbac show
        <rbac-policy>

.. _network_rbac_show-rbac-policy:
.. describe:: <rbac-policy>

    RBAC policy (ID only)
Implement rbac list and show command 1. implement "openstack network rbac list" 2. implement "openstack network rbac show" 3. also add FakeRBACPolicy to test "network rbac xxx" command The unit test class similar to FakeRouter, which is able to fake one or more rbac policies. It will be used by the rbac CRUD patches. Change-Id: I6c97bc8819698546895fd530464a2cbb347bf77d Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn> Partially-Implements: blueprint neutron-client-rbac Depends-On: I88f409a24947b67146c0f93ec8480834cef56d2f 2016-05-26 19:55:11 +08:00			`============`
			`network rbac`
			`============`

			`A network rbac is a Role-Based Access Control (RBAC) policy for`
			`network resources. It enables both operators and users to grant access`
			`to network resources for specific projects.`

			`Network v2`

Implement network rbac create and delete commands Add "network rbac create" and "network rbac delete" commands and also add unit tests, functional tests, docs and release note for them. Change-Id: I5fd58342f2deaa9bae7717412a942a21bbd7d045 Partially-Implements: blueprint neutron-client-rbac 2016-07-25 17:37:41 +08:00			`network rbac create`
			`-------------------`

			`Create network RBAC policy`

			`.. program:: network rbac create`
			`.. code:: bash`

			`os network rbac create`
			`--type <type>`
			`--action <action>`
			`--target-project <target-project> [--target-project-domain <target-project-domain>]`
			`[--project <project> [--project-domain <project-domain>]]`
			`<rbac-policy>`

			`.. option:: --type <type>`

			`Type of the object that RBAC policy affects ("qos_policy" or "network") (required)`

			`.. option:: --action <action>`

			`Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)`

			`.. option:: --target-project <target-project>`

			`The project to which the RBAC policy will be enforced (name or ID) (required)`

			`.. option:: --target-project-domain <target-project-domain>`

			`Domain the target project belongs to (name or ID).`
			`This can be used in case collisions between project names exist.`

			`.. option:: --project <project>`

			`The owner project (name or ID)`

			`.. option:: --project-domain <project-domain>`

			`Domain the project belongs to (name or ID).`
			`This can be used in case collisions between project names exist.`

			`.. _network_rbac_create-rbac-policy:`
			`.. describe:: <rbac-object>`

			`The object to which this RBAC policy affects (name or ID for network objects, ID only for QoS policy objects)`

			`network rbac delete`
			`-------------------`

			`Delete network RBAC policy(s)`

			`.. program:: network rbac delete`
			`.. code:: bash`

			`os network rbac delete`
			`<rbac-policy> [<rbac-policy> ...]`

			`.. _network_rbac_delete-rbac-policy:`
			`.. describe:: <rbac-policy>`

			`RBAC policy(s) to delete (ID only)`

Implement rbac list and show command 1. implement "openstack network rbac list" 2. implement "openstack network rbac show" 3. also add FakeRBACPolicy to test "network rbac xxx" command The unit test class similar to FakeRouter, which is able to fake one or more rbac policies. It will be used by the rbac CRUD patches. Change-Id: I6c97bc8819698546895fd530464a2cbb347bf77d Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn> Partially-Implements: blueprint neutron-client-rbac Depends-On: I88f409a24947b67146c0f93ec8480834cef56d2f 2016-05-26 19:55:11 +08:00			`network rbac list`
			`-----------------`

			`List network RBAC policies`

			`.. program:: network rbac list`
			`.. code:: bash`

			`os network rbac list`

Implement "network rbac set" command Add "network rbac set" command which just supports setting a target project. Also, This patch adds the doc, unit test and functional test. But there is a bug of showing network RBAC https://bugs.launchpad.net/python-openstacksdk/+bug/1608903 We need to skip the functional test before this bug fixed. Change-Id: I756f448bb333cf1098a735e57a1c5dc4edf195d4 Partially-Implements: blueprint neutron-client-rbac 2016-08-02 19:30:25 +08:00			`network rbac set`
			`----------------`

			`Set network RBAC policy properties`

			`.. program:: network rbac set`
			`.. code:: bash`

			`os network rbac set`
			`[--target-project <target-project> [--target-project-domain <target-project-domain>]]`
			`<rbac-policy>`

			`.. option:: --target-project <target-project>`

			`The project to which the RBAC policy will be enforced (name or ID)`

			`.. option:: --target-project-domain <target-project-domain>`

			`Domain the target project belongs to (name or ID).`
			`This can be used in case collisions between project names exist.`

			`.. _network_rbac_set-rbac-policy:`
			`.. describe:: <rbac-policy>`

			`RBAC policy to be modified (ID only)`

Implement rbac list and show command 1. implement "openstack network rbac list" 2. implement "openstack network rbac show" 3. also add FakeRBACPolicy to test "network rbac xxx" command The unit test class similar to FakeRouter, which is able to fake one or more rbac policies. It will be used by the rbac CRUD patches. Change-Id: I6c97bc8819698546895fd530464a2cbb347bf77d Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn> Partially-Implements: blueprint neutron-client-rbac Depends-On: I88f409a24947b67146c0f93ec8480834cef56d2f 2016-05-26 19:55:11 +08:00			`network rbac show`
			`-----------------`

			`Display network RBAC policy details`

			`.. program:: network rbac show`
			`.. code:: bash`

			`os network rbac show`
			`<rbac-policy>`

			`.. _network_rbac_show-rbac-policy:`
			`.. describe:: <rbac-policy>`

			`RBAC policy (ID only)`