Merge "Implement rbac list and show command"
This commit is contained in:
commit
ab18045c97
35
doc/source/command-objects/network-rbac.rst
Normal file
35
doc/source/command-objects/network-rbac.rst
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
============
|
||||||
|
network rbac
|
||||||
|
============
|
||||||
|
|
||||||
|
A **network rbac** is a Role-Based Access Control (RBAC) policy for
|
||||||
|
network resources. It enables both operators and users to grant access
|
||||||
|
to network resources for specific projects.
|
||||||
|
|
||||||
|
Network v2
|
||||||
|
|
||||||
|
network rbac list
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
List network RBAC policies
|
||||||
|
|
||||||
|
.. program:: network rbac list
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
os network rbac list
|
||||||
|
|
||||||
|
network rbac show
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
Display network RBAC policy details
|
||||||
|
|
||||||
|
.. program:: network rbac show
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
os network rbac show
|
||||||
|
<rbac-policy>
|
||||||
|
|
||||||
|
.. _network_rbac_show-rbac-policy:
|
||||||
|
.. describe:: <rbac-policy>
|
||||||
|
|
||||||
|
RBAC policy (ID only)
|
@ -109,6 +109,7 @@ referring to both Compute and Volume quotas.
|
|||||||
* ``mapping``: (**Identity**) a definition to translate identity provider attributes to Identity concepts
|
* ``mapping``: (**Identity**) a definition to translate identity provider attributes to Identity concepts
|
||||||
* ``module``: (**Internal**) - installed Python modules in the OSC process
|
* ``module``: (**Internal**) - installed Python modules in the OSC process
|
||||||
* ``network``: (**Compute**, **Network**) - a virtual network for connecting servers and other resources
|
* ``network``: (**Compute**, **Network**) - a virtual network for connecting servers and other resources
|
||||||
|
* ``network rbac``: (**Network**) - an RBAC policy for network resources
|
||||||
* ``network segment``: (**Network**) - a segment of a virtual network
|
* ``network segment``: (**Network**) - a segment of a virtual network
|
||||||
* ``object``: (**Object Storage**) a single file in the Object Storage
|
* ``object``: (**Object Storage**) a single file in the Object Storage
|
||||||
* ``object store account``: (**Object Storage**) owns a group of Object Storage resources
|
* ``object store account``: (**Object Storage**) owns a group of Object Storage resources
|
||||||
|
75
openstackclient/network/v2/network_rbac.py
Normal file
75
openstackclient/network/v2/network_rbac.py
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
"""RBAC action implementations"""
|
||||||
|
|
||||||
|
from osc_lib.command import command
|
||||||
|
from osc_lib import utils
|
||||||
|
|
||||||
|
from openstackclient.i18n import _
|
||||||
|
|
||||||
|
|
||||||
|
def _get_columns(item):
|
||||||
|
columns = list(item.keys())
|
||||||
|
if 'tenant_id' in columns:
|
||||||
|
columns.remove('tenant_id')
|
||||||
|
columns.append('project_id')
|
||||||
|
if 'target_tenant' in columns:
|
||||||
|
columns.remove('target_tenant')
|
||||||
|
columns.append('target_project')
|
||||||
|
return tuple(sorted(columns))
|
||||||
|
|
||||||
|
|
||||||
|
class ListNetworkRBAC(command.Lister):
|
||||||
|
"""List network RBAC policies"""
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
client = self.app.client_manager.network
|
||||||
|
|
||||||
|
columns = (
|
||||||
|
'id',
|
||||||
|
'object_type',
|
||||||
|
'object_id',
|
||||||
|
)
|
||||||
|
column_headers = (
|
||||||
|
'ID',
|
||||||
|
'Object Type',
|
||||||
|
'Object ID',
|
||||||
|
)
|
||||||
|
|
||||||
|
data = client.rbac_policies()
|
||||||
|
return (column_headers,
|
||||||
|
(utils.get_item_properties(
|
||||||
|
s, columns,
|
||||||
|
) for s in data))
|
||||||
|
|
||||||
|
|
||||||
|
class ShowNetworkRBAC(command.ShowOne):
|
||||||
|
"""Display network RBAC policy details"""
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(ShowNetworkRBAC, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'rbac_policy',
|
||||||
|
metavar="<rbac-policy>",
|
||||||
|
help=_("RBAC policy (ID only)")
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
client = self.app.client_manager.network
|
||||||
|
obj = client.find_rbac_policy(parsed_args.rbac_policy,
|
||||||
|
ignore_missing=False)
|
||||||
|
columns = _get_columns(obj)
|
||||||
|
data = utils.get_item_properties(obj, columns)
|
||||||
|
return columns, data
|
@ -483,6 +483,57 @@ class FakePort(object):
|
|||||||
return mock.MagicMock(side_effect=ports)
|
return mock.MagicMock(side_effect=ports)
|
||||||
|
|
||||||
|
|
||||||
|
class FakeNetworkRBAC(object):
|
||||||
|
"""Fake one or more network rbac policies."""
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def create_one_network_rbac(attrs=None):
|
||||||
|
"""Create a fake network rbac
|
||||||
|
|
||||||
|
:param Dictionary attrs:
|
||||||
|
A dictionary with all attributes
|
||||||
|
:return:
|
||||||
|
A FakeResource object, with id, action, target_tenant,
|
||||||
|
tenant_id, type
|
||||||
|
"""
|
||||||
|
attrs = attrs or {}
|
||||||
|
|
||||||
|
# Set default attributes
|
||||||
|
rbac_attrs = {
|
||||||
|
'id': 'rbac-id-' + uuid.uuid4().hex,
|
||||||
|
'object_type': 'network',
|
||||||
|
'object_id': 'object-id-' + uuid.uuid4().hex,
|
||||||
|
'action': 'access_as_shared',
|
||||||
|
'target_tenant': 'target-tenant-' + uuid.uuid4().hex,
|
||||||
|
'tenant_id': 'tenant-id-' + uuid.uuid4().hex,
|
||||||
|
}
|
||||||
|
rbac_attrs.update(attrs)
|
||||||
|
rbac = fakes.FakeResource(info=copy.deepcopy(rbac_attrs),
|
||||||
|
loaded=True)
|
||||||
|
# Set attributes with special mapping in OpenStack SDK.
|
||||||
|
rbac.project_id = rbac_attrs['tenant_id']
|
||||||
|
rbac.target_project = rbac_attrs['target_tenant']
|
||||||
|
return rbac
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def create_network_rbacs(attrs=None, count=2):
|
||||||
|
"""Create multiple fake network rbac policies.
|
||||||
|
|
||||||
|
:param Dictionary attrs:
|
||||||
|
A dictionary with all attributes
|
||||||
|
:param int count:
|
||||||
|
The number of rbac policies to fake
|
||||||
|
:return:
|
||||||
|
A list of FakeResource objects faking the rbac policies
|
||||||
|
"""
|
||||||
|
rbac_policies = []
|
||||||
|
for i in range(0, count):
|
||||||
|
rbac_policies.append(FakeNetworkRBAC.
|
||||||
|
create_one_network_rbac(attrs))
|
||||||
|
|
||||||
|
return rbac_policies
|
||||||
|
|
||||||
|
|
||||||
class FakeRouter(object):
|
class FakeRouter(object):
|
||||||
"""Fake one or more routers."""
|
"""Fake one or more routers."""
|
||||||
|
|
||||||
|
122
openstackclient/tests/network/v2/test_network_rbac.py
Normal file
122
openstackclient/tests/network/v2/test_network_rbac.py
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
import mock
|
||||||
|
|
||||||
|
from openstackclient.network.v2 import network_rbac
|
||||||
|
from openstackclient.tests.network.v2 import fakes as network_fakes
|
||||||
|
from openstackclient.tests import utils as tests_utils
|
||||||
|
|
||||||
|
|
||||||
|
class TestNetworkRBAC(network_fakes.TestNetworkV2):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(TestNetworkRBAC, self).setUp()
|
||||||
|
|
||||||
|
# Get a shortcut to the network client
|
||||||
|
self.network = self.app.client_manager.network
|
||||||
|
|
||||||
|
|
||||||
|
class TestListNetworkRABC(TestNetworkRBAC):
|
||||||
|
|
||||||
|
# The network rbac policies going to be listed up.
|
||||||
|
rbac_policies = network_fakes.FakeNetworkRBAC.create_network_rbacs(count=3)
|
||||||
|
|
||||||
|
columns = (
|
||||||
|
'ID',
|
||||||
|
'Object Type',
|
||||||
|
'Object ID',
|
||||||
|
)
|
||||||
|
|
||||||
|
data = []
|
||||||
|
for r in rbac_policies:
|
||||||
|
data.append((
|
||||||
|
r.id,
|
||||||
|
r.object_type,
|
||||||
|
r.object_id,
|
||||||
|
))
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(TestListNetworkRABC, self).setUp()
|
||||||
|
|
||||||
|
# Get the command object to test
|
||||||
|
self.cmd = network_rbac.ListNetworkRBAC(self.app, self.namespace)
|
||||||
|
|
||||||
|
self.network.rbac_policies = mock.Mock(return_value=self.rbac_policies)
|
||||||
|
|
||||||
|
def test_network_rbac_list(self):
|
||||||
|
arglist = []
|
||||||
|
verifylist = []
|
||||||
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
# DisplayCommandBase.take_action() returns two tuples
|
||||||
|
columns, data = self.cmd.take_action(parsed_args)
|
||||||
|
|
||||||
|
self.network.rbac_policies.assert_called_with()
|
||||||
|
self.assertEqual(self.columns, columns)
|
||||||
|
self.assertEqual(self.data, list(data))
|
||||||
|
|
||||||
|
|
||||||
|
class TestShowNetworkRBAC(TestNetworkRBAC):
|
||||||
|
|
||||||
|
rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac()
|
||||||
|
|
||||||
|
columns = (
|
||||||
|
'action',
|
||||||
|
'id',
|
||||||
|
'object_id',
|
||||||
|
'object_type',
|
||||||
|
'project_id',
|
||||||
|
'target_project',
|
||||||
|
)
|
||||||
|
|
||||||
|
data = [
|
||||||
|
rbac_policy.action,
|
||||||
|
rbac_policy.id,
|
||||||
|
rbac_policy.object_id,
|
||||||
|
rbac_policy.object_type,
|
||||||
|
rbac_policy.tenant_id,
|
||||||
|
rbac_policy.target_tenant,
|
||||||
|
]
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(TestShowNetworkRBAC, self).setUp()
|
||||||
|
|
||||||
|
# Get the command object to test
|
||||||
|
self.cmd = network_rbac.ShowNetworkRBAC(self.app, self.namespace)
|
||||||
|
|
||||||
|
self.network.find_rbac_policy = mock.Mock(
|
||||||
|
return_value=self.rbac_policy)
|
||||||
|
|
||||||
|
def test_show_no_options(self):
|
||||||
|
arglist = []
|
||||||
|
verifylist = []
|
||||||
|
|
||||||
|
self.assertRaises(tests_utils.ParserException, self.check_parser,
|
||||||
|
self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
def test_network_rbac_show_all_options(self):
|
||||||
|
arglist = [
|
||||||
|
self.rbac_policy.object_id,
|
||||||
|
]
|
||||||
|
verifylist = []
|
||||||
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
# DisplayCommandBase.take_action() returns two tuples
|
||||||
|
columns, data = self.cmd.take_action(parsed_args)
|
||||||
|
|
||||||
|
self.network.find_rbac_policy.assert_called_with(
|
||||||
|
self.rbac_policy.object_id, ignore_missing=False
|
||||||
|
)
|
||||||
|
self.assertEqual(self.columns, columns)
|
||||||
|
self.assertEqual(self.data, list(data))
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Add ``network rbac list`` and ``network rbac show`` commands.
|
||||||
|
[Blueprint `neutron-client-rbac <https://blueprints.launchpad.net/python-openstackclient/+spec/neutron-client-rbac>`_]
|
@ -360,6 +360,9 @@ openstack.network.v2 =
|
|||||||
network_set = openstackclient.network.v2.network:SetNetwork
|
network_set = openstackclient.network.v2.network:SetNetwork
|
||||||
network_show = openstackclient.network.v2.network:ShowNetwork
|
network_show = openstackclient.network.v2.network:ShowNetwork
|
||||||
|
|
||||||
|
network_rbac_list = openstackclient.network.v2.network_rbac:ListNetworkRBAC
|
||||||
|
network_rbac_show = openstackclient.network.v2.network_rbac:ShowNetworkRBAC
|
||||||
|
|
||||||
network_segment_list = openstackclient.network.v2.network_segment:ListNetworkSegment
|
network_segment_list = openstackclient.network.v2.network_segment:ListNetworkSegment
|
||||||
network_segment_show = openstackclient.network.v2.network_segment:ShowNetworkSegment
|
network_segment_show = openstackclient.network.v2.network_segment:ShowNetworkSegment
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user