Network: Add supports rbac target-all-projects

Add a boolean option "target-all-projects",
which allows creating rbac policy for all projects.

Change-Id: Ie3af83a1bba7dd66e83b0595bb276bf8fd105831
Closes-Bug: #1728525
Closes-Bug: #1704834

2 files changed, 40 insertions, 7 deletions

diff --git a/openstackclient/network/v2/network_rbac.py b/openstackclient/network/v2/network_rbac.py
index 90754737..6cf82559 100644
--- a/openstackclient/network/v2/network_rbac.py
+++ b/openstackclient/network/v2/network_rbac.py
@@ -51,11 +51,14 @@ def _get_attrs(client_manager, parsed_args):
     attrs['object_id'] = object_id
 
     identity_client = client_manager.identity
-    project_id = identity_common.find_project(
-        identity_client,
-        parsed_args.target_project,
-        parsed_args.target_project_domain,
-    ).id
+    if parsed_args.target_project is not None:
+        project_id = identity_common.find_project(
+            identity_client,
+            parsed_args.target_project,
+            parsed_args.target_project_domain,
+        ).id
+    elif parsed_args.target_all_projects:
+        project_id = '*'
     attrs['target_tenant'] = project_id
     if parsed_args.project is not None:
         project_id = identity_common.find_project(
@@ -96,13 +99,19 @@ class CreateNetworkRBAC(command.ShowOne):
             help=_('Action for the RBAC policy '
                    '("access_as_external" or "access_as_shared")')
         )
-        parser.add_argument(
+        target_project_group = parser.add_mutually_exclusive_group(
+            required=True)
+        target_project_group.add_argument(
             '--target-project',
-            required=True,
             metavar="<target-project>",
             help=_('The project to which the RBAC policy '
                    'will be enforced (name or ID)')
         )
+        target_project_group.add_argument(
+            '--target-all-projects',
+            action='store_true',
+            help=_('Allow creating RBAC policy for all projects.')
+        )
         parser.add_argument(
             '--target-project-domain',
             metavar='<target-project-domain>',
diff --git a/openstackclient/tests/unit/network/v2/test_network_rbac.py b/openstackclient/tests/unit/network/v2/test_network_rbac.py
index 935ce075..70c38528 100644
--- a/openstackclient/tests/unit/network/v2/test_network_rbac.py
+++ b/openstackclient/tests/unit/network/v2/test_network_rbac.py
@@ -163,6 +163,30 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
         self.assertEqual(self.columns, columns)
         self.assertEqual(self.data, list(data))
 
+    def test_network_rbac_create_with_target_all_projects(self):
+        arglist = [
+            '--type', self.rbac_policy.object_type,
+            '--action', self.rbac_policy.action,
+            '--target-all-projects',
+            self.rbac_policy.object_id,
+        ]
+        verifylist = [
+            ('type', self.rbac_policy.object_type),
+            ('action', self.rbac_policy.action),
+            ('target_all_projects', True),
+            ('rbac_object', self.rbac_policy.object_id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.create_rbac_policy.assert_called_with(**{
+            'object_id': self.rbac_policy.object_id,
+            'object_type': self.rbac_policy.object_type,
+            'action': self.rbac_policy.action,
+            'target_tenant': '*',
+        })
+
     def test_network_rbac_create_all_options(self):
         arglist = [
             '--type', self.rbac_policy.object_type,