1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
# Copyright 2015 Huawei Technologies India Pvt Ltd.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutronclient._i18n import _
from neutronclient.common import utils
from neutronclient.neutron import v2_0 as neutronV20
# key=object_type: value={key=resource, value=cmd_resource}
RBAC_OBJECTS = {'network': {'network': 'network'},
'qos-policy': {'policy': 'qos_policy'}}
def _get_cmd_resource(obj_type):
resource = list(RBAC_OBJECTS[obj_type])[0]
cmd_resource = RBAC_OBJECTS[obj_type][resource]
return resource, cmd_resource
def get_rbac_obj_params(client, obj_type, obj_id_or_name):
resource, cmd_resource = _get_cmd_resource(obj_type)
obj_id = neutronV20.find_resourceid_by_name_or_id(
client=client, resource=resource, name_or_id=obj_id_or_name,
cmd_resource=cmd_resource)
return obj_id, cmd_resource
class ListRBACPolicy(neutronV20.ListCommand):
"""List RBAC policies that belong to a given tenant."""
resource = 'rbac_policy'
list_columns = ['id', 'object_type', 'object_id']
pagination_support = True
sorting_support = True
allow_names = False
class ShowRBACPolicy(neutronV20.ShowCommand):
"""Show information of a given RBAC policy."""
resource = 'rbac_policy'
allow_names = False
class CreateRBACPolicy(neutronV20.CreateCommand):
"""Create a RBAC policy for a given tenant."""
resource = 'rbac_policy'
def add_known_arguments(self, parser):
parser.add_argument(
'name',
metavar='RBAC_OBJECT',
help=_('ID or name of the RBAC object.'))
parser.add_argument(
'--type', choices=RBAC_OBJECTS.keys(),
required=True,
type=utils.convert_to_lowercase,
help=_('Type of the object that RBAC policy affects.'))
parser.add_argument(
'--target-tenant',
default='*',
help=_('ID of the tenant to which the RBAC '
'policy will be enforced.'))
parser.add_argument(
'--action', choices=['access_as_external', 'access_as_shared'],
type=utils.convert_to_lowercase,
required=True,
help=_('Action for the RBAC policy.'))
def args2body(self, parsed_args):
neutron_client = self.get_client()
neutron_client.format = parsed_args.request_format
_object_id, _object_type = get_rbac_obj_params(neutron_client,
parsed_args.type,
parsed_args.name)
body = {
'object_id': _object_id,
'object_type': _object_type,
'target_tenant': parsed_args.target_tenant,
'action': parsed_args.action,
}
return {self.resource: body}
class UpdateRBACPolicy(neutronV20.UpdateCommand):
"""Update RBAC policy for given tenant."""
resource = 'rbac_policy'
allow_names = False
def add_known_arguments(self, parser):
parser.add_argument(
'--target-tenant',
help=_('ID of the tenant to which the RBAC '
'policy will be enforced.'))
def args2body(self, parsed_args):
body = {'target_tenant': parsed_args.target_tenant}
return {self.resource: body}
class DeleteRBACPolicy(neutronV20.DeleteCommand):
"""Delete a RBAC policy."""
resource = 'rbac_policy'
allow_names = False
|
