Implement neutron RBAC commands

Registered by Richard Theis on 2016-02-26

neutronclient has the following RBAC commands that need to be implemented in openstackclient:
- rbac-create
- rbac-delete
- rbac-list
- rbac-show
- rbac-update (OSC may need both set and unset commands)

Blueprint information

Status: Complete
Approver: Richard Theis
Priority: Medium
Drafter: Richard Theis
Direction: Approved
Assignee: ting.wang
Definition: Approved
Series goal: None
Implementation: Implemented
Milestone target: None
Started by: Richard Theis on 2016-05-27
Completed by: Richard Theis on 2016-10-03

Whiteboard

08/10/2016 (rtheis): I think this work is completed. If not complete, please update the blueprint description with the remaining work.

According to NeutronClient, the rbac command only supports updating the target_tenant of an rbac policy object. So maybe the unset command is not necessary in OSC.

This part aims to explain how I plan to implement the commands 'openstack rbac list' and 'openstack rbac show' [1].

$ neutron rbac-list
+--------------------------------------+-------------+--------------------------------------+
| id                                   | object_type | object_id                            |
+--------------------------------------+-------------+--------------------------------------+
| 374f5ea8-9be3-4f34-a78f-450a5e275228 | network     | a6511829-3e2b-4001-b457-7c223a04b20b |
| f1af9230-a959-4e4d-8e35-6c7c1b1e88c2 | network     | f9d3460e-22a6-4ae2-8705-83ebafdcc0da |
+--------------------------------------+-------------+--------------------------------------+

In neutronclient, there are no optional arguments for the 'rbac-list' command, although the response looks like this:
RESP BODY: {"rbac_policies": [{"target_tenant": "*", "tenant_id": "82c2afcd955e4b28ab8825ef2a61074c", "object_type": "network", "object_id": "a6511829-3e2b-4001-b457-7c223a04b20b", "action": "access_as_external", "id": "374f5ea8-9be3-4f34-a78f-450a5e275228"}, {"target_tenant": "c45eb3a281d34e3e8fa7c2809fad7a25", "tenant_id": "82c2afcd955e4b28ab8825ef2a61074c", "object_type": "network", "object_id": "f9d3460e-22a6-4ae2-8705-83ebafdcc0da", "action": "access_as_shared", "id": "f1af9230-a959-4e4d-8e35-6c7c1b1e88c2"}]}

The other arguments like "target_tenant" will be displayed when we execute the command "neutron rbac show ***".

Similarly, executing the command "openstack rbac list" will return a result like this:
$ openstack rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Object_type | Object_id                            |
+--------------------------------------+-------------+--------------------------------------+
| 374f5ea8-9be3-4f34-a78f-450a5e275228 | network     | a6511829-3e2b-4001-b457-7c223a04b20b |
| f1af9230-a959-4e4d-8e35-6c7c1b1e88c2 | network     | f9d3460e-22a6-4ae2-8705-83ebafdcc0da |
+--------------------------------------+-------------+--------------------------------------+
and no optional arguments are supplied.

And executing the command 'openstack rbac show' will output the other information.
$ openstack rbac show 374f5ea8-9be3-4f34-a78f-450a5e275228
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_external                   |
| id                | 374f5ea8-9be3-4f34-a78f-450a5e275228 |
| object_id         | a6511829-3e2b-4001-b457-7c223a04b20b |
| object_type       | network                              |
| project_id        | 82c2afcd955e4b28ab8825ef2a61074c     |
| target_tenant     | *                                    |
+-------------------+--------------------------------------+

ref:
[1]about rbac in neutron:
https://developer.rackspace.com/blog/A-First-Look-at-RBAC-in-the-Liberty-Release-of-Neutron/

Gerrit topic: https://review.openstack.org/#q,topic:bp/neutron-client-rbac,n,z

Addressed by: https://review.openstack.org/319522
    Implement rbac list and show command

Addressed by: https://review.openstack.org/346705
    Implement network rbac create and delete commands

Addressed by: https://review.openstack.org/349947
    Implement "network rbac set" command
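
The list output planned above shows only id, object_type and object_id, so a policy shared with every project (target_tenant "*") looks the same as one shared with a single project. The following is an added example, not code from openstackclient or neutronclient: it projects the response body quoted on this page onto the list columns and separately reports the wildcard grants the list view hides. The function names are hypothetical, and accepting either `project_id` or `tenant_id` as the owner key is an assumption based on the two spellings that appear on this page.

```python
import json

# Response body copied from the `neutron rbac-list` debug output quoted above.
RESP_BODY = json.loads("""
{"rbac_policies": [
  {"target_tenant": "*", "tenant_id": "82c2afcd955e4b28ab8825ef2a61074c",
   "object_type": "network", "object_id": "a6511829-3e2b-4001-b457-7c223a04b20b",
   "action": "access_as_external", "id": "374f5ea8-9be3-4f34-a78f-450a5e275228"},
  {"target_tenant": "c45eb3a281d34e3e8fa7c2809fad7a25",
   "tenant_id": "82c2afcd955e4b28ab8825ef2a61074c",
   "object_type": "network", "object_id": "f9d3460e-22a6-4ae2-8705-83ebafdcc0da",
   "action": "access_as_shared", "id": "f1af9230-a959-4e4d-8e35-6c7c1b1e88c2"}
]}
""")

# The three columns the list command displays.
LIST_COLUMNS = ("id", "object_type", "object_id")


def list_rows(body):
    """Project each policy onto the columns shown by the list command."""
    return [tuple(p[c] for c in LIST_COLUMNS) for p in body["rbac_policies"]]


def wildcard_grants(body):
    """Return policies whose target is every project, with the fields list omits."""
    findings = []
    for p in body["rbac_policies"]:
        if p.get("target_tenant") != "*":
            continue
        findings.append({
            "id": p["id"],
            "object_type": p["object_type"],
            "object_id": p["object_id"],
            "action": p["action"],
            # The show output names the owner project_id; the raw body uses tenant_id.
            "owner": p.get("project_id", p.get("tenant_id")),
        })
    return findings


if __name__ == "__main__":
    for row in list_rows(RESP_BODY):
        print(" | ".join(row))
    for f in wildcard_grants(RESP_BODY):
        print("wildcard grant:", f["id"], f["action"], "on", f["object_type"],
              f["object_id"], "owned by", f["owner"])
```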
