diff options
Diffstat (limited to 'openstackclient')
| -rw-r--r-- | openstackclient/network/v2/network_rbac.py | 13 | ||||
| -rw-r--r-- | openstackclient/tests/unit/network/v2/fakes.py | 33 | ||||
| -rw-r--r-- | openstackclient/tests/unit/network/v2/test_network_rbac.py | 40 |
3 files changed, 82 insertions, 4 deletions
diff --git a/openstackclient/network/v2/network_rbac.py b/openstackclient/network/v2/network_rbac.py index 6cf82559..140c837e 100644 --- a/openstackclient/network/v2/network_rbac.py +++ b/openstackclient/network/v2/network_rbac.py @@ -48,6 +48,10 @@ def _get_attrs(client_manager, parsed_args): object_id = network_client.find_qos_policy( parsed_args.rbac_object, ignore_missing=False).id + if parsed_args.type == 'security_group': + object_id = network_client.find_security_group( + parsed_args.rbac_object, + ignore_missing=False).id attrs['object_id'] = object_id identity_client = client_manager.identity @@ -87,9 +91,9 @@ class CreateNetworkRBAC(command.ShowOne): '--type', metavar="<type>", required=True, - choices=['qos_policy', 'network'], + choices=['security_group', 'qos_policy', 'network'], help=_('Type of the object that RBAC policy ' - 'affects ("qos_policy" or "network")') + 'affects ("security_group", "qos_policy" or "network")') ) parser.add_argument( '--action', @@ -178,9 +182,10 @@ class ListNetworkRBAC(command.Lister): parser.add_argument( '--type', metavar='<type>', - choices=['qos_policy', 'network'], + choices=['security_group', 'qos_policy', 'network'], help=_('List network RBAC policies according to ' - 'given object type ("qos_policy" or "network")') + 'given object type ("security_group", "qos_policy" ' + 'or "network")') ) parser.add_argument( '--action', diff --git a/openstackclient/tests/unit/network/v2/fakes.py b/openstackclient/tests/unit/network/v2/fakes.py index 153781e8..100ea2b1 100644 --- a/openstackclient/tests/unit/network/v2/fakes.py +++ b/openstackclient/tests/unit/network/v2/fakes.py @@ -968,6 +968,39 @@ class FakeNetworkQosPolicy(object): return mock.Mock(side_effect=qos_policies) +class FakeNetworkSecGroup(object): + """Fake one security group.""" + + @staticmethod + def create_one_security_group(attrs=None): + """Create a fake security group. + + :param Dictionary attrs: + A dictionary with all attributes + :return: + A FakeResource object with name, id, etc. + """ + attrs = attrs or {} + sg_id = attrs.get('id') or 'security-group-id-' + uuid.uuid4().hex + + # Set default attributes. + security_group_attrs = { + 'name': 'security-group-name-' + uuid.uuid4().hex, + 'id': sg_id, + 'tenant_id': 'project-id-' + uuid.uuid4().hex, + 'description': 'security-group-description-' + uuid.uuid4().hex + } + + security_group = fakes.FakeResource( + info=copy.deepcopy(security_group_attrs), + loaded=True) + + # Set attributes with special mapping in OpenStack SDK. + security_group.project_id = security_group_attrs['tenant_id'] + + return security_group + + class FakeNetworkQosRule(object): """Fake one or more Network QoS rules.""" diff --git a/openstackclient/tests/unit/network/v2/test_network_rbac.py b/openstackclient/tests/unit/network/v2/test_network_rbac.py index 70c38528..96440091 100644 --- a/openstackclient/tests/unit/network/v2/test_network_rbac.py +++ b/openstackclient/tests/unit/network/v2/test_network_rbac.py @@ -37,6 +37,7 @@ class TestCreateNetworkRBAC(TestNetworkRBAC): network_object = network_fakes.FakeNetwork.create_one_network() qos_object = network_fakes.FakeNetworkQosPolicy.create_one_qos_policy() + sg_object = network_fakes.FakeNetworkSecGroup.create_one_security_group() project = identity_fakes_v3.FakeProject.create_one_project() rbac_policy = network_fakes.FakeNetworkRBAC.create_one_network_rbac( attrs={'tenant_id': project.id, @@ -74,6 +75,8 @@ class TestCreateNetworkRBAC(TestNetworkRBAC): return_value=self.network_object) self.network.find_qos_policy = mock.Mock( return_value=self.qos_object) + self.network.find_security_group = mock.Mock( + return_value=self.sg_object) self.projects_mock.get.return_value = self.project def test_network_rbac_create_no_type(self): @@ -258,6 +261,43 @@ class TestCreateNetworkRBAC(TestNetworkRBAC): self.assertEqual(self.columns, columns) self.assertEqual(self.data, list(data)) + def test_network_rbac_create_security_group_object(self): + self.rbac_policy.object_type = 'security_group' + self.rbac_policy.object_id = self.sg_object.id + arglist = [ + '--type', 'security_group', + '--action', self.rbac_policy.action, + '--target-project', self.rbac_policy.target_tenant, + self.sg_object.name, + ] + verifylist = [ + ('type', 'security_group'), + ('action', self.rbac_policy.action), + ('target_project', self.rbac_policy.target_tenant), + ('rbac_object', self.sg_object.name), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + # DisplayCommandBase.take_action() returns two tuples + columns, data = self.cmd.take_action(parsed_args) + + self.network.create_rbac_policy.assert_called_with(**{ + 'object_id': self.sg_object.id, + 'object_type': 'security_group', + 'action': self.rbac_policy.action, + 'target_tenant': self.rbac_policy.target_tenant, + }) + self.data = [ + self.rbac_policy.action, + self.rbac_policy.id, + self.sg_object.id, + 'security_group', + self.rbac_policy.tenant_id, + self.rbac_policy.target_tenant, + ] + self.assertEqual(self.columns, columns) + self.assertEqual(self.data, list(data)) + class TestDeleteNetworkRBAC(TestNetworkRBAC): |