diff options
| author | Zuul <zuul@review.openstack.org> | 2017-11-07 00:20:07 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2017-11-07 00:20:07 +0000 |
| commit | c2ebe678f9c98588dca35b5129cdcd2a7746b2a2 (patch) | |
| tree | aec71fef88e9816eafc77f0aefca1c73a3c67cfe /openstackclient | |
| parent | e8a87e1478304152e94783ebd50ab4ae621231d9 (diff) | |
| parent | 9ca99b991947c5b932a0c916591cd71568f2ac17 (diff) | |
| download | python-openstackclient-c2ebe678f9c98588dca35b5129cdcd2a7746b2a2.tar.gz | |
Merge "Network: Add supports rbac target-all-projects"
Diffstat (limited to 'openstackclient')
| -rw-r--r-- | openstackclient/network/v2/network_rbac.py | 23 | ||||
| -rw-r--r-- | openstackclient/tests/unit/network/v2/test_network_rbac.py | 24 |
2 files changed, 40 insertions, 7 deletions
diff --git a/openstackclient/network/v2/network_rbac.py b/openstackclient/network/v2/network_rbac.py index 90754737..6cf82559 100644 --- a/openstackclient/network/v2/network_rbac.py +++ b/openstackclient/network/v2/network_rbac.py @@ -51,11 +51,14 @@ def _get_attrs(client_manager, parsed_args): attrs['object_id'] = object_id identity_client = client_manager.identity - project_id = identity_common.find_project( - identity_client, - parsed_args.target_project, - parsed_args.target_project_domain, - ).id + if parsed_args.target_project is not None: + project_id = identity_common.find_project( + identity_client, + parsed_args.target_project, + parsed_args.target_project_domain, + ).id + elif parsed_args.target_all_projects: + project_id = '*' attrs['target_tenant'] = project_id if parsed_args.project is not None: project_id = identity_common.find_project( @@ -96,13 +99,19 @@ class CreateNetworkRBAC(command.ShowOne): help=_('Action for the RBAC policy ' '("access_as_external" or "access_as_shared")') ) - parser.add_argument( + target_project_group = parser.add_mutually_exclusive_group( + required=True) + target_project_group.add_argument( '--target-project', - required=True, metavar="<target-project>", help=_('The project to which the RBAC policy ' 'will be enforced (name or ID)') ) + target_project_group.add_argument( + '--target-all-projects', + action='store_true', + help=_('Allow creating RBAC policy for all projects.') + ) parser.add_argument( '--target-project-domain', metavar='<target-project-domain>', diff --git a/openstackclient/tests/unit/network/v2/test_network_rbac.py b/openstackclient/tests/unit/network/v2/test_network_rbac.py index 935ce075..70c38528 100644 --- a/openstackclient/tests/unit/network/v2/test_network_rbac.py +++ b/openstackclient/tests/unit/network/v2/test_network_rbac.py @@ -163,6 +163,30 @@ class TestCreateNetworkRBAC(TestNetworkRBAC): self.assertEqual(self.columns, columns) self.assertEqual(self.data, list(data)) + def test_network_rbac_create_with_target_all_projects(self): + arglist = [ + '--type', self.rbac_policy.object_type, + '--action', self.rbac_policy.action, + '--target-all-projects', + self.rbac_policy.object_id, + ] + verifylist = [ + ('type', self.rbac_policy.object_type), + ('action', self.rbac_policy.action), + ('target_all_projects', True), + ('rbac_object', self.rbac_policy.object_id), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + columns, data = self.cmd.take_action(parsed_args) + + self.network.create_rbac_policy.assert_called_with(**{ + 'object_id': self.rbac_policy.object_id, + 'object_type': self.rbac_policy.object_type, + 'action': self.rbac_policy.action, + 'target_tenant': '*', + }) + def test_network_rbac_create_all_options(self): arglist = [ '--type', self.rbac_policy.object_type, |