119 lines
3.9 KiB
Python
119 lines
3.9 KiB
Python
|
# Copyright 2015 Huawei Technologies India Pvt Ltd.
|
||
|
# All Rights Reserved
|
||
|
#
|
||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||
|
# not use this file except in compliance with the License. You may obtain
|
||
|
# a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||
|
# License for the specific language governing permissions and limitations
|
||
|
# under the License.
|
||
|
|
||
|
from neutronclient._i18n import _
|
||
|
from neutronclient.common import utils
|
||
|
from neutronclient.neutron import v2_0 as neutronV20
|
||
|
|
||
|
# key=object_type: value={key=resource, value=cmd_resource}
|
||
|
RBAC_OBJECTS = {'network': {'network': 'network'},
|
||
|
'qos-policy': {'policy': 'qos_policy'}}
|
||
|
|
||
|
|
||
|
def _get_cmd_resource(obj_type):
|
||
|
resource = list(RBAC_OBJECTS[obj_type])[0]
|
||
|
cmd_resource = RBAC_OBJECTS[obj_type][resource]
|
||
|
return resource, cmd_resource
|
||
|
|
||
|
|
||
|
def get_rbac_obj_params(client, obj_type, obj_id_or_name):
|
||
|
resource, cmd_resource = _get_cmd_resource(obj_type)
|
||
|
obj_id = neutronV20.find_resourceid_by_name_or_id(
|
||
|
client=client, resource=resource, name_or_id=obj_id_or_name,
|
||
|
cmd_resource=cmd_resource)
|
||
|
|
||
|
return obj_id, cmd_resource
|
||
|
|
||
|
|
||
|
class ListRBACPolicy(neutronV20.ListCommand):
|
||
|
"""List RBAC policies that belong to a given tenant."""
|
||
|
|
||
|
resource = 'rbac_policy'
|
||
|
list_columns = ['id', 'object_type', 'object_id']
|
||
|
pagination_support = True
|
||
|
sorting_support = True
|
||
|
allow_names = False
|
||
|
|
||
|
|
||
|
class ShowRBACPolicy(neutronV20.ShowCommand):
|
||
|
"""Show information of a given RBAC policy."""
|
||
|
|
||
|
resource = 'rbac_policy'
|
||
|
allow_names = False
|
||
|
|
||
|
|
||
|
class CreateRBACPolicy(neutronV20.CreateCommand):
|
||
|
"""Create a RBAC policy for a given tenant."""
|
||
|
|
||
|
resource = 'rbac_policy'
|
||
|
|
||
|
def add_known_arguments(self, parser):
|
||
|
parser.add_argument(
|
||
|
'name',
|
||
|
metavar='RBAC_OBJECT',
|
||
|
help=_('ID or name of the RBAC object.'))
|
||
|
parser.add_argument(
|
||
|
'--type', choices=RBAC_OBJECTS.keys(),
|
||
|
required=True,
|
||
|
type=utils.convert_to_lowercase,
|
||
|
help=_('Type of the object that RBAC policy affects.'))
|
||
|
parser.add_argument(
|
||
|
'--target-tenant',
|
||
|
default='*',
|
||
|
help=_('ID of the tenant to which the RBAC '
|
||
|
'policy will be enforced.'))
|
||
|
parser.add_argument(
|
||
|
'--action', choices=['access_as_external', 'access_as_shared'],
|
||
|
type=utils.convert_to_lowercase,
|
||
|
required=True,
|
||
|
help=_('Action for the RBAC policy.'))
|
||
|
|
||
|
def args2body(self, parsed_args):
|
||
|
neutron_client = self.get_client()
|
||
|
_object_id, _object_type = get_rbac_obj_params(neutron_client,
|
||
|
parsed_args.type,
|
||
|
parsed_args.name)
|
||
|
body = {
|
||
|
'object_id': _object_id,
|
||
|
'object_type': _object_type,
|
||
|
'target_tenant': parsed_args.target_tenant,
|
||
|
'action': parsed_args.action,
|
||
|
}
|
||
|
return {self.resource: body}
|
||
|
|
||
|
|
||
|
class UpdateRBACPolicy(neutronV20.UpdateCommand):
|
||
|
"""Update RBAC policy for given tenant."""
|
||
|
|
||
|
resource = 'rbac_policy'
|
||
|
allow_names = False
|
||
|
|
||
|
def add_known_arguments(self, parser):
|
||
|
parser.add_argument(
|
||
|
'--target-tenant',
|
||
|
help=_('ID of the tenant to which the RBAC '
|
||
|
'policy will be enforced.'))
|
||
|
|
||
|
def args2body(self, parsed_args):
|
||
|
body = {'target_tenant': parsed_args.target_tenant}
|
||
|
return {self.resource: body}
|
||
|
|
||
|
|
||
|
class DeleteRBACPolicy(neutronV20.DeleteCommand):
|
||
|
"""Delete a RBAC policy."""
|
||
|
|
||
|
resource = 'rbac_policy'
|
||
|
allow_names = False
|