6 files changed, 151 insertions, 6 deletions

diff --git a/doc/source/command-objects/network-rbac.rst b/doc/source/command-objects/network-rbac.rst
index ff929491..8acf0979 100644
--- a/doc/source/command-objects/network-rbac.rst
+++ b/doc/source/command-objects/network-rbac.rst
@@ -80,6 +80,32 @@ List network RBAC policies
 
     os network rbac list
 
+network rbac set
+----------------
+
+Set network RBAC policy properties
+
+.. program:: network rbac set
+.. code:: bash
+
+    os network rbac set
+        [--target-project <target-project> [--target-project-domain <target-project-domain>]]
+        <rbac-policy>
+
+.. option:: --target-project <target-project>
+
+    The project to which the RBAC policy will be enforced (name or ID)
+
+.. option:: --target-project-domain <target-project-domain>
+
+    Domain the target project belongs to (name or ID).
+    This can be used in case collisions between project names exist.
+
+.. _network_rbac_set-rbac-policy:
+.. describe:: <rbac-policy>
+
+    RBAC policy to be modified (ID only)
+
 network rbac show
 -----------------
 
diff --git a/functional/tests/network/v2/test_network_rbac.py b/functional/tests/network/v2/test_network_rbac.py
index 5d8cc1cc..e7e35858 100644
--- a/functional/tests/network/v2/test_network_rbac.py
+++ b/functional/tests/network/v2/test_network_rbac.py
@@ -12,12 +12,15 @@
 
 import uuid
 
+import testtools
+
 from functional.common import test
 
 
 class NetworkRBACTests(test.TestCase):
     """Functional tests for network rbac. """
     NET_NAME = uuid.uuid4().hex
+    PROJECT_NAME = uuid.uuid4().hex
     OBJECT_ID = None
     ID = None
     HEADERS = ['ID']
@@ -39,10 +42,10 @@ class NetworkRBACTests(test.TestCase):
 
     @classmethod
     def tearDownClass(cls):
-        raw_output = cls.openstack('network rbac delete ' + cls.ID)
-        cls.assertOutput('', raw_output)
-        raw_output = cls.openstack('network delete ' + cls.OBJECT_ID)
-        cls.assertOutput('', raw_output)
+        raw_output_rbac = cls.openstack('network rbac delete ' + cls.ID)
+        raw_output_network = cls.openstack('network delete ' + cls.OBJECT_ID)
+        cls.assertOutput('', raw_output_rbac)
+        cls.assertOutput('', raw_output_network)
 
     def test_network_rbac_list(self):
         opts = self.get_opts(self.HEADERS)
@@ -53,3 +56,21 @@ class NetworkRBACTests(test.TestCase):
         opts = self.get_opts(self.FIELDS)
         raw_output = self.openstack('network rbac show ' + self.ID + opts)
         self.assertEqual(self.ID + "\n", raw_output)
+
+    # TODO(Huanxuan Ao): This test can pass after bug
+    # https://bugs.launchpad.net/python-openstackclient/+bug/1608903 fixed.
+    @testtools.skip(
+        'Skip because of the bug '
+        'https://bugs.launchpad.net/python-openstackclient/+bug/1608903')
+    def test_network_rbac_set(self):
+        opts = self.get_opts(self.FIELDS)
+        project_id = self.openstack(
+            'project create ' + self.PROJECT_NAME + opts)
+        self.openstack('network rbac set ' + self.ID +
+                       ' --target-project ' + self.PROJECT_NAME)
+        opts = self.get_opts(['target_project'])
+        raw_output_rbac = self.openstack('network rbac show ' + self.ID + opts)
+        raw_output_project = self.openstack(
+            'project delete ' + self.PROJECT_NAME)
+        self.assertEqual(project_id, raw_output_rbac)
+        self.assertOutput('', raw_output_project)
diff --git a/openstackclient/network/v2/network_rbac.py b/openstackclient/network/v2/network_rbac.py
index 62968376..f4dfd4e7 100644
--- a/openstackclient/network/v2/network_rbac.py
+++ b/openstackclient/network/v2/network_rbac.py
@@ -186,6 +186,47 @@ class ListNetworkRBAC(command.Lister):
                 ) for s in data))
 
 
+class SetNetworkRBAC(command.Command):
+    """Set network RBAC policy properties"""
+
+    def get_parser(self, prog_name):
+        parser = super(SetNetworkRBAC, self).get_parser(prog_name)
+        parser.add_argument(
+            'rbac_policy',
+            metavar="<rbac-policy>",
+            help=_("RBAC policy to be modified (ID only)")
+        )
+        parser.add_argument(
+            '--target-project',
+            metavar="<target-project>",
+            help=_('The project to which the RBAC policy '
+                   'will be enforced (name or ID)')
+        )
+        parser.add_argument(
+            '--target-project-domain',
+            metavar='<target-project-domain>',
+            help=_('Domain the target project belongs to (name or ID). '
+                   'This can be used in case collisions between project names '
+                   'exist.'),
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        client = self.app.client_manager.network
+        obj = client.find_rbac_policy(parsed_args.rbac_policy,
+                                      ignore_missing=False)
+        attrs = {}
+        if parsed_args.target_project:
+            identity_client = self.app.client_manager.identity
+            project_id = identity_common.find_project(
+                identity_client,
+                parsed_args.target_project,
+                parsed_args.target_project_domain,
+            ).id
+            attrs['target_tenant'] = project_id
+        client.update_rbac_policy(obj, **attrs)
+
+
 class ShowNetworkRBAC(command.ShowOne):
     """Display network RBAC policy details"""
 
diff --git a/openstackclient/tests/network/v2/test_network_rbac.py b/openstackclient/tests/network/v2/test_network_rbac.py
index 5d6e9cfa..6255ada7 100644
--- a/openstackclient/tests/network/v2/test_network_rbac.py
+++ b/openstackclient/tests/network/v2/test_network_rbac.py
@@ -317,6 +317,62 @@ class TestListNetworkRABC(TestNetworkRBAC):
         self.assertEqual(self.data, list(data))
 
 
+class TestSetNetworkRBAC(TestNetworkRBAC):
+
+    project = identity_fakes_v3.FakeProject.create_one_project()
+    rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac(
+        attrs={'target_tenant': project.id})
+
+    def setUp(self):
+        super(TestSetNetworkRBAC, self).setUp()
+
+        # Get the command object to test
+        self.cmd = network_rbac.SetNetworkRBAC(self.app, self.namespace)
+
+        self.network.find_rbac_policy = mock.Mock(
+            return_value=self.rbac_policy)
+        self.network.update_rbac_policy = mock.Mock(return_value=None)
+        self.projects_mock.get.return_value = self.project
+
+    def test_network_rbac_set_nothing(self):
+        arglist = [
+            self.rbac_policy.id,
+        ]
+        verifylist = [
+            ('rbac_policy', self.rbac_policy.id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+        self.network.find_rbac_policy.assert_called_once_with(
+            self.rbac_policy.id, ignore_missing=False
+        )
+        attrs = {}
+        self.network.update_rbac_policy.assert_called_once_with(
+            self.rbac_policy, **attrs)
+        self.assertIsNone(result)
+
+    def test_network_rbac_set(self):
+        arglist = [
+            '--target-project', self.project.id,
+            self.rbac_policy.id,
+        ]
+        verifylist = [
+            ('target_project', self.project.id),
+            ('rbac_policy', self.rbac_policy.id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+        self.network.find_rbac_policy.assert_called_once_with(
+            self.rbac_policy.id, ignore_missing=False
+        )
+        attrs = {'target_tenant': self.project.id}
+        self.network.update_rbac_policy.assert_called_once_with(
+            self.rbac_policy, **attrs)
+        self.assertIsNone(result)
+
+
 class TestShowNetworkRBAC(TestNetworkRBAC):
 
     rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac()
diff --git a/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml b/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml
index 7a00e587..eef92c93 100644
--- a/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml
+++ b/releasenotes/notes/bp-neutron-client-rbac-bbd7b545b50d2bdf.yaml
@@ -1,5 +1,5 @@
 ---
 features:
-  - Add ``network rbac list``, ``network rbac show``, ``network rbac create``
-    and ``network rbac delete`` commands.
+  - Add ``network rbac list``, ``network rbac show``, ``network rbac create``,
+    ``network rbac delete`` and ``network rbac set`` commands.
     [Blueprint `neutron-client-rbac <https://blueprints.launchpad.net/python-openstackclient/+spec/neutron-client-rbac>`_]
diff --git a/setup.cfg b/setup.cfg
index c0bb2219..fa2067a7 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -364,6 +364,7 @@ openstack.network.v2 =
     network_rbac_create = openstackclient.network.v2.network_rbac:CreateNetworkRBAC
     network_rbac_delete = openstackclient.network.v2.network_rbac:DeleteNetworkRBAC
     network_rbac_list = openstackclient.network.v2.network_rbac:ListNetworkRBAC
+    network_rbac_set = openstackclient.network.v2.network_rbac:SetNetworkRBAC
     network_rbac_show = openstackclient.network.v2.network_rbac:ShowNetworkRBAC
 
     network_segment_list = openstackclient.network.v2.network_segment:ListNetworkSegment