Add 'security_group' type support to network rbac commands

Partial-Bug: #1817119 Depends-On: https://review.openstack.org/635311 Change-Id: I5f132fa54714514d8dae62df8bc494f3f6476768
2019-02-13 14:17:33 -07:00
parent 3599ebe933
commit be7a75814c
5 changed files with 89 additions and 6 deletions
--- a/doc/source/cli/command-objects/network-rbac.rst
+++ b/doc/source/cli/command-objects/network-rbac.rst
@@ -26,7 +26,7 @@ Create network RBAC policy

 .. option:: --type <type>

-    Type of the object that RBAC policy affects ("qos_policy" or "network") (required)
+    Type of the object that RBAC policy affects ("security_group", "qos_policy" or "network") (required)

 .. option:: --action <action>

@@ -90,7 +90,7 @@ List network RBAC policies

 .. option:: --type <type>

-    List network RBAC policies according to given object type ("qos_policy" or "network")
+    List network RBAC policies according to given object type ("security_group", "qos_policy" or "network")

 .. option:: --action <action>

--- a/openstackclient/network/v2/network_rbac.py
+++ b/openstackclient/network/v2/network_rbac.py
@@ -48,6 +48,10 @@ def _get_attrs(client_manager, parsed_args):
        object_id = network_client.find_qos_policy(
            parsed_args.rbac_object,
            ignore_missing=False).id
+    if parsed_args.type == 'security_group':
+        object_id = network_client.find_security_group(
+            parsed_args.rbac_object,
+            ignore_missing=False).id
    attrs['object_id'] = object_id

    identity_client = client_manager.identity
@@ -87,9 +91,9 @@ class CreateNetworkRBAC(command.ShowOne):
            '--type',
            metavar="<type>",
            required=True,
-            choices=['qos_policy', 'network'],
+            choices=['security_group', 'qos_policy', 'network'],
            help=_('Type of the object that RBAC policy '
-                   'affects ("qos_policy" or "network")')
+                   'affects ("security_group", "qos_policy" or "network")')
        )
        parser.add_argument(
            '--action',
@@ -178,9 +182,10 @@ class ListNetworkRBAC(command.Lister):
        parser.add_argument(
            '--type',
            metavar='<type>',
-            choices=['qos_policy', 'network'],
+            choices=['security_group', 'qos_policy', 'network'],
            help=_('List network RBAC policies according to '
-                   'given object type ("qos_policy" or "network")')
+                   'given object type ("security_group", "qos_policy" '
+                   'or "network")')
        )
        parser.add_argument(
            '--action',
--- a/openstackclient/tests/unit/network/v2/fakes.py
+++ b/openstackclient/tests/unit/network/v2/fakes.py
@@ -908,6 +908,39 @@ class FakeNetworkQosPolicy(object):
        return mock.Mock(side_effect=qos_policies)


+class FakeNetworkSecGroup(object):
+    """Fake one security group."""
+
+    @staticmethod
+    def create_one_security_group(attrs=None):
+        """Create a fake security group.
+
+        :param Dictionary attrs:
+            A dictionary with all attributes
+        :return:
+            A FakeResource object with name, id, etc.
+        """
+        attrs = attrs or {}
+        sg_id = attrs.get('id') or 'security-group-id-' + uuid.uuid4().hex
+
+        # Set default attributes.
+        security_group_attrs = {
+            'name': 'security-group-name-' + uuid.uuid4().hex,
+            'id': sg_id,
+            'tenant_id': 'project-id-' + uuid.uuid4().hex,
+            'description': 'security-group-description-' + uuid.uuid4().hex
+        }
+
+        security_group = fakes.FakeResource(
+            info=copy.deepcopy(security_group_attrs),
+            loaded=True)
+
+        # Set attributes with special mapping in OpenStack SDK.
+        security_group.project_id = security_group_attrs['tenant_id']
+
+        return security_group
+
+
 class FakeNetworkQosRule(object):
    """Fake one or more Network QoS rules."""

--- a/openstackclient/tests/unit/network/v2/test_network_rbac.py
+++ b/openstackclient/tests/unit/network/v2/test_network_rbac.py
@@ -37,6 +37,7 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):

    network_object = network_fakes.FakeNetwork.create_one_network()
    qos_object = network_fakes.FakeNetworkQosPolicy.create_one_qos_policy()
+    sg_object = network_fakes.FakeNetworkSecGroup.create_one_security_group()
    project = identity_fakes_v3.FakeProject.create_one_project()
    rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac(
        attrs={'tenant_id': project.id,
@@ -74,6 +75,8 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
            return_value=self.network_object)
        self.network.find_qos_policy = mock.Mock(
            return_value=self.qos_object)
+        self.network.find_security_group = mock.Mock(
+            return_value=self.sg_object)
        self.projects_mock.get.return_value = self.project

    def test_network_rbac_create_no_type(self):
@@ -258,6 +261,43 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
        self.assertEqual(self.columns, columns)
        self.assertEqual(self.data, list(data))

+    def test_network_rbac_create_security_group_object(self):
+        self.rbac_policy.object_type = 'security_group'
+        self.rbac_policy.object_id = self.sg_object.id
+        arglist = [
+            '--type', 'security_group',
+            '--action', self.rbac_policy.action,
+            '--target-project', self.rbac_policy.target_tenant,
+            self.sg_object.name,
+        ]
+        verifylist = [
+            ('type', 'security_group'),
+            ('action', self.rbac_policy.action),
+            ('target_project', self.rbac_policy.target_tenant),
+            ('rbac_object', self.sg_object.name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # DisplayCommandBase.take_action() returns two tuples
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.create_rbac_policy.assert_called_with(**{
+            'object_id': self.sg_object.id,
+            'object_type': 'security_group',
+            'action': self.rbac_policy.action,
+            'target_tenant': self.rbac_policy.target_tenant,
+        })
+        self.data = [
+            self.rbac_policy.action,
+            self.rbac_policy.id,
+            self.sg_object.id,
+            'security_group',
+            self.rbac_policy.tenant_id,
+            self.rbac_policy.target_tenant,
+        ]
+        self.assertEqual(self.columns, columns)
+        self.assertEqual(self.data, list(data))
+

 class TestDeleteNetworkRBAC(TestNetworkRBAC):

--- a/releasenotes/notes/rbac-add-security-group-35370701a06ac906.yaml
+++ b/releasenotes/notes/rbac-add-security-group-35370701a06ac906.yaml
@@ -0,0 +1,5 @@
+features:
+  - |
+    Add ``security_group`` as a valid ``--type`` value for the
+    ``network rbac create`` and ``network rbac list`` commands.
+