Merge "Network: Add supports rbac target-all-projects"

2017-11-07 00:20:07 +00:00 · 2017-11-07 00:20:07 +00:00 · c2ebe678f9
commit c2ebe678f9
parent e8a87e1478 9ca99b9919
4 changed files with 52 additions and 9 deletions
--- a/doc/source/cli/command-objects/network-rbac.rst
+++ b/doc/source/cli/command-objects/network-rbac.rst
@ -19,7 +19,8 @@ Create network RBAC policy
    openstack network rbac create
        --type <type>
        --action <action>
-        --target-project <target-project> [--target-project-domain <target-project-domain>]
+        [--target-project <target-project> | --target-all-projects]
        [--target-project-domain <target-project-domain>]
        [--project <project> [--project-domain <project-domain>]]
        <rbac-policy>
@ -33,7 +34,11 @@ Create network RBAC policy
 .. option:: --target-project <target-project>
-    The project to which the RBAC policy will be enforced (name or ID) (required)
+    The project to which the RBAC policy will be enforced (name or ID)
 .. option:: --target-all-projects
    Allow creating RBAC policy for all projects.
 .. option:: --target-project-domain <target-project-domain>
--- a/openstackclient/network/v2/network_rbac.py
+++ b/openstackclient/network/v2/network_rbac.py
@ -51,11 +51,14 @@ def _get_attrs(client_manager, parsed_args):
    attrs['object_id'] = object_id
    identity_client = client_manager.identity
-    project_id = identity_common.find_project(
+    if parsed_args.target_project is not None:
-        identity_client,
+        project_id = identity_common.find_project(
-        parsed_args.target_project,
+            identity_client,
-        parsed_args.target_project_domain,
+            parsed_args.target_project,
-    ).id
+            parsed_args.target_project_domain,
        ).id
    elif parsed_args.target_all_projects:
        project_id = '*'
    attrs['target_tenant'] = project_id
    if parsed_args.project is not None:
        project_id = identity_common.find_project(
@ -96,13 +99,19 @@ class CreateNetworkRBAC(command.ShowOne):
            help=_('Action for the RBAC policy '
                   '("access_as_external" or "access_as_shared")')
        )
-        parser.add_argument(
+        target_project_group = parser.add_mutually_exclusive_group(
            required=True)
        target_project_group.add_argument(
            '--target-project',
            required=True,
            metavar="<target-project>",
            help=_('The project to which the RBAC policy '
                   'will be enforced (name or ID)')
        )
        target_project_group.add_argument(
            '--target-all-projects',
            action='store_true',
            help=_('Allow creating RBAC policy for all projects.')
        )
        parser.add_argument(
            '--target-project-domain',
            metavar='<target-project-domain>',
--- a/openstackclient/tests/unit/network/v2/test_network_rbac.py
+++ b/openstackclient/tests/unit/network/v2/test_network_rbac.py
@ -163,6 +163,30 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
        self.assertEqual(self.columns, columns)
        self.assertEqual(self.data, list(data))
    def test_network_rbac_create_with_target_all_projects(self):
        arglist = [
            '--type', self.rbac_policy.object_type,
            '--action', self.rbac_policy.action,
            '--target-all-projects',
            self.rbac_policy.object_id,
        ]
        verifylist = [
            ('type', self.rbac_policy.object_type),
            ('action', self.rbac_policy.action),
            ('target_all_projects', True),
            ('rbac_object', self.rbac_policy.object_id),
        ]
        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
        columns, data = self.cmd.take_action(parsed_args)
        self.network.create_rbac_policy.assert_called_with(**{
            'object_id': self.rbac_policy.object_id,
            'object_type': self.rbac_policy.object_type,
            'action': self.rbac_policy.action,
            'target_tenant': '*',
        })
    def test_network_rbac_create_all_options(self):
        arglist = [
            '--type', self.rbac_policy.object_type,
--- a/releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml
+++ b/releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml
@ -0,0 +1,5 @@
 ---
 fixes:
  - |
    Add ``target-all-projects`` option in ``rbac create`` command.
    [Bug `1728525 <https://bugs.launchpad.net/python-openstackclient/+bug/1728525>`_]