Merge "Add 'address_scope' type support to network rbac commands"
This commit is contained in:
Zuul
Gerrit Code Review
commit
347c5b9df4
@ -11,6 +11,7 @@ cmd2==0.8.0
|
|||||||
contextlib2==0.4.0
|
contextlib2==0.4.0
|
||||||
coverage==4.0
|
coverage==4.0
|
||||||
cryptography==2.1
|
cryptography==2.1
|
||||||
|
ddt==1.0.1
|
||||||
debtcollector==1.2.0
|
debtcollector==1.2.0
|
||||||
decorator==4.4.1
|
decorator==4.4.1
|
||||||
deprecation==1.0
|
deprecation==1.0
|
||||||
|
|||||||
@ -58,6 +58,10 @@ def _get_attrs(client_manager, parsed_args):
|
|||||||
object_id = network_client.find_security_group(
|
object_id = network_client.find_security_group(
|
||||||
parsed_args.rbac_object,
|
parsed_args.rbac_object,
|
||||||
ignore_missing=False).id
|
ignore_missing=False).id
|
||||||
|
if parsed_args.type == 'address_scope':
|
||||||
|
object_id = network_client.find_address_scope(
|
||||||
|
parsed_args.rbac_object,
|
||||||
|
ignore_missing=False).id
|
||||||
attrs['object_id'] = object_id
|
attrs['object_id'] = object_id
|
||||||
|
|
||||||
identity_client = client_manager.identity
|
identity_client = client_manager.identity
|
||||||
@ -97,9 +101,11 @@ class CreateNetworkRBAC(command.ShowOne):
|
|||||||
'--type',
|
'--type',
|
||||||
metavar="<type>",
|
metavar="<type>",
|
||||||
required=True,
|
required=True,
|
||||||
choices=['security_group', 'qos_policy', 'network'],
|
choices=['address_scope', 'security_group',
|
||||||
|
'qos_policy', 'network'],
|
||||||
help=_('Type of the object that RBAC policy '
|
help=_('Type of the object that RBAC policy '
|
||||||
'affects ("security_group", "qos_policy" or "network")')
|
'affects ("address_scope", "security_group", '
|
||||||
|
'"qos_policy" or "network")')
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--action',
|
'--action',
|
||||||
@ -188,10 +194,11 @@ class ListNetworkRBAC(command.Lister):
|
|||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--type',
|
'--type',
|
||||||
metavar='<type>',
|
metavar='<type>',
|
||||||
choices=['security_group', 'qos_policy', 'network'],
|
choices=['address_scope', 'security_group',
|
||||||
|
'qos_policy', 'network'],
|
||||||
help=_('List network RBAC policies according to '
|
help=_('List network RBAC policies according to '
|
||||||
'given object type ("security_group", "qos_policy" '
|
'given object type ("address_scope", "security_group", '
|
||||||
'or "network")')
|
'"qos_policy" or "network")')
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--action',
|
'--action',
|
||||||
|
|||||||
@ -14,6 +14,7 @@
|
|||||||
from unittest import mock
|
from unittest import mock
|
||||||
from unittest.mock import call
|
from unittest.mock import call
|
||||||
|
|
||||||
|
import ddt
|
||||||
from osc_lib import exceptions
|
from osc_lib import exceptions
|
||||||
|
|
||||||
from openstackclient.network.v2 import network_rbac
|
from openstackclient.network.v2 import network_rbac
|
||||||
@ -33,11 +34,13 @@ class TestNetworkRBAC(network_fakes.TestNetworkV2):
|
|||||||
self.projects_mock = self.app.client_manager.identity.projects
|
self.projects_mock = self.app.client_manager.identity.projects
|
||||||
|
|
||||||
|
|
||||||
|
@ddt.ddt
|
||||||
class TestCreateNetworkRBAC(TestNetworkRBAC):
|
class TestCreateNetworkRBAC(TestNetworkRBAC):
|
||||||
|
|
||||||
network_object = network_fakes.FakeNetwork.create_one_network()
|
network_object = network_fakes.FakeNetwork.create_one_network()
|
||||||
qos_object = network_fakes.FakeNetworkQosPolicy.create_one_qos_policy()
|
qos_object = network_fakes.FakeNetworkQosPolicy.create_one_qos_policy()
|
||||||
sg_object = network_fakes.FakeNetworkSecGroup.create_one_security_group()
|
sg_object = network_fakes.FakeNetworkSecGroup.create_one_security_group()
|
||||||
|
as_object = network_fakes.FakeAddressScope.create_one_address_scope()
|
||||||
project = identity_fakes_v3.FakeProject.create_one_project()
|
project = identity_fakes_v3.FakeProject.create_one_project()
|
||||||
rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac(
|
rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac(
|
||||||
attrs={'tenant_id': project.id,
|
attrs={'tenant_id': project.id,
|
||||||
@ -77,6 +80,8 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
|
|||||||
return_value=self.qos_object)
|
return_value=self.qos_object)
|
||||||
self.network.find_security_group = mock.Mock(
|
self.network.find_security_group = mock.Mock(
|
||||||
return_value=self.sg_object)
|
return_value=self.sg_object)
|
||||||
|
self.network.find_address_scope = mock.Mock(
|
||||||
|
return_value=self.as_object)
|
||||||
self.projects_mock.get.return_value = self.project
|
self.projects_mock.get.return_value = self.project
|
||||||
|
|
||||||
def test_network_rbac_create_no_type(self):
|
def test_network_rbac_create_no_type(self):
|
||||||
@ -224,20 +229,28 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
|
|||||||
self.assertEqual(self.columns, columns)
|
self.assertEqual(self.columns, columns)
|
||||||
self.assertEqual(self.data, list(data))
|
self.assertEqual(self.data, list(data))
|
||||||
|
|
||||||
def test_network_rbac_create_qos_object(self):
|
@ddt.data(
|
||||||
self.rbac_policy.object_type = 'qos_policy'
|
('qos_policy', "qos_object"),
|
||||||
self.rbac_policy.object_id = self.qos_object.id
|
('security_group', "sg_object"),
|
||||||
|
('address_scope', "as_object")
|
||||||
|
)
|
||||||
|
@ddt.unpack
|
||||||
|
def test_network_rbac_create_object(self, obj_type, obj_fake_attr):
|
||||||
|
obj_fake = getattr(self, obj_fake_attr)
|
||||||
|
|
||||||
|
self.rbac_policy.object_type = obj_type
|
||||||
|
self.rbac_policy.object_id = obj_fake.id
|
||||||
arglist = [
|
arglist = [
|
||||||
'--type', 'qos_policy',
|
'--type', obj_type,
|
||||||
'--action', self.rbac_policy.action,
|
'--action', self.rbac_policy.action,
|
||||||
'--target-project', self.rbac_policy.target_tenant,
|
'--target-project', self.rbac_policy.target_tenant,
|
||||||
self.qos_object.name,
|
obj_fake.name,
|
||||||
]
|
]
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('type', 'qos_policy'),
|
('type', obj_type),
|
||||||
('action', self.rbac_policy.action),
|
('action', self.rbac_policy.action),
|
||||||
('target_project', self.rbac_policy.target_tenant),
|
('target_project', self.rbac_policy.target_tenant),
|
||||||
('rbac_object', self.qos_object.name),
|
('rbac_object', obj_fake.name),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -245,53 +258,16 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
|
|||||||
columns, data = self.cmd.take_action(parsed_args)
|
columns, data = self.cmd.take_action(parsed_args)
|
||||||
|
|
||||||
self.network.create_rbac_policy.assert_called_with(**{
|
self.network.create_rbac_policy.assert_called_with(**{
|
||||||
'object_id': self.qos_object.id,
|
'object_id': obj_fake.id,
|
||||||
'object_type': 'qos_policy',
|
'object_type': obj_type,
|
||||||
'action': self.rbac_policy.action,
|
'action': self.rbac_policy.action,
|
||||||
'target_tenant': self.rbac_policy.target_tenant,
|
'target_tenant': self.rbac_policy.target_tenant,
|
||||||
})
|
})
|
||||||
self.data = [
|
self.data = [
|
||||||
self.rbac_policy.action,
|
self.rbac_policy.action,
|
||||||
self.rbac_policy.id,
|
self.rbac_policy.id,
|
||||||
self.qos_object.id,
|
obj_fake.id,
|
||||||
'qos_policy',
|
obj_type,
|
||||||
self.rbac_policy.tenant_id,
|
|
||||||
self.rbac_policy.target_tenant,
|
|
||||||
]
|
|
||||||
self.assertEqual(self.columns, columns)
|
|
||||||
self.assertEqual(self.data, list(data))
|
|
||||||
|
|
||||||
def test_network_rbac_create_security_group_object(self):
|
|
||||||
self.rbac_policy.object_type = 'security_group'
|
|
||||||
self.rbac_policy.object_id = self.sg_object.id
|
|
||||||
arglist = [
|
|
||||||
'--type', 'security_group',
|
|
||||||
'--action', self.rbac_policy.action,
|
|
||||||
'--target-project', self.rbac_policy.target_tenant,
|
|
||||||
self.sg_object.name,
|
|
||||||
]
|
|
||||||
verifylist = [
|
|
||||||
('type', 'security_group'),
|
|
||||||
('action', self.rbac_policy.action),
|
|
||||||
('target_project', self.rbac_policy.target_tenant),
|
|
||||||
('rbac_object', self.sg_object.name),
|
|
||||||
]
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
||||||
|
|
||||||
# DisplayCommandBase.take_action() returns two tuples
|
|
||||||
columns, data = self.cmd.take_action(parsed_args)
|
|
||||||
|
|
||||||
self.network.create_rbac_policy.assert_called_with(**{
|
|
||||||
'object_id': self.sg_object.id,
|
|
||||||
'object_type': 'security_group',
|
|
||||||
'action': self.rbac_policy.action,
|
|
||||||
'target_tenant': self.rbac_policy.target_tenant,
|
|
||||||
})
|
|
||||||
self.data = [
|
|
||||||
self.rbac_policy.action,
|
|
||||||
self.rbac_policy.id,
|
|
||||||
self.sg_object.id,
|
|
||||||
'security_group',
|
|
||||||
self.rbac_policy.tenant_id,
|
self.rbac_policy.tenant_id,
|
||||||
self.rbac_policy.target_tenant,
|
self.rbac_policy.target_tenant,
|
||||||
]
|
]
|
||||||
|
|||||||
@ -0,0 +1,4 @@
|
|||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add ``address_scope`` as a valid ``--type`` value for the
|
||||||
|
``network rbac create`` and ``network rbac list`` commands.
|
||||||
@ -17,3 +17,4 @@ tempest>=17.1.0 # Apache-2.0
|
|||||||
osprofiler>=1.4.0 # Apache-2.0
|
osprofiler>=1.4.0 # Apache-2.0
|
||||||
bandit!=1.6.0,>=1.1.0 # Apache-2.0
|
bandit!=1.6.0,>=1.1.0 # Apache-2.0
|
||||||
wrapt>=1.7.0 # BSD License
|
wrapt>=1.7.0 # BSD License
|
||||||
|
ddt>=1.0.1 # MIT
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user