openstack/python-openstackclient
Code Issues Proposed changes

Merge "Network: Add supports rbac target-all-projects"

Browse Source
This commit is contained in:
Zuul 2017-11-07 00:20:07 +00:00 committed by Gerrit Code Review
commit c2ebe678f9
4 changed files with 52 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/source/cli/command-objects/network-rbac.rst
View File

@ -19,7 +19,8 @@ Create network RBAC policy
openstack network rbac create
--type <type>
--action <action>
--target-project <target-project> [--target-project-domain <target-project-domain>]
[--target-project <target-project> | --target-all-projects]
[--target-project-domain <target-project-domain>]
[--project <project> [--project-domain <project-domain>]]
<rbac-policy>
@ -33,7 +34,11 @@ Create network RBAC policy
.. option:: --target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID) (required)
The project to which the RBAC policy will be enforced (name or ID)
.. option:: --target-all-projects
Allow creating RBAC policy for all projects.
.. option:: --target-project-domain <target-project-domain>

23
openstackclient/network/v2/network_rbac.py
View File

@ -51,11 +51,14 @@ def _get_attrs(client_manager, parsed_args):
attrs['object_id'] = object_id
identity_client = client_manager.identity
project_id = identity_common.find_project(
identity_client,
parsed_args.target_project,
parsed_args.target_project_domain,
).id
if parsed_args.target_project is not None:
project_id = identity_common.find_project(
identity_client,
parsed_args.target_project,
parsed_args.target_project_domain,
).id
elif parsed_args.target_all_projects:
project_id = '*'
attrs['target_tenant'] = project_id
if parsed_args.project is not None:
project_id = identity_common.find_project(
@ -96,13 +99,19 @@ class CreateNetworkRBAC(command.ShowOne):
help=_('Action for the RBAC policy '
'("access_as_external" or "access_as_shared")')
)
parser.add_argument(
target_project_group = parser.add_mutually_exclusive_group(
required=True)
target_project_group.add_argument(
'--target-project',
required=True,
metavar="<target-project>",
help=_('The project to which the RBAC policy '
'will be enforced (name or ID)')
)
target_project_group.add_argument(
'--target-all-projects',
action='store_true',
help=_('Allow creating RBAC policy for all projects.')
)
parser.add_argument(
'--target-project-domain',
metavar='<target-project-domain>',

24
openstackclient/tests/unit/network/v2/test_network_rbac.py
View File

@ -163,6 +163,30 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
self.assertEqual(self.columns, columns)
self.assertEqual(self.data, list(data))
def test_network_rbac_create_with_target_all_projects(self):
arglist = [
'--type', self.rbac_policy.object_type,
'--action', self.rbac_policy.action,
'--target-all-projects',
self.rbac_policy.object_id,
]
verifylist = [
('type', self.rbac_policy.object_type),
('action', self.rbac_policy.action),
('target_all_projects', True),
('rbac_object', self.rbac_policy.object_id),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
columns, data = self.cmd.take_action(parsed_args)
self.network.create_rbac_policy.assert_called_with(**{
'object_id': self.rbac_policy.object_id,
'object_type': self.rbac_policy.object_type,
'action': self.rbac_policy.action,
'target_tenant': '*',
})
def test_network_rbac_create_all_options(self):
arglist = [
'--type', self.rbac_policy.object_type,

5
releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- |
Add ``target-all-projects`` option in ``rbac create`` command.
[Bug `1728525 <https://bugs.launchpad.net/python-openstackclient/+bug/1728525>`_]