Enable users to list subnets on shared networks
authorSalvatore Orlando <salv.orlando@gmail.com>
Tue, 21 Aug 2012 15:26:24 +0000 (08:26 -0700)
committerSalvatore Orlando <salv.orlando@gmail.com>
Tue, 21 Aug 2012 15:27:50 +0000 (08:27 -0700)
Fixes bug 1039591

This patch will enable regular users to list subnets on a shared
network by exposing the subnet's "shared" attribute to the policy
engine, and letting it apply different rules depending on whether the
subnet is shared or private.

Change-Id: If204f1e352c114e16251586c743f5b7fe2d1ad7d

etc/policy.json
quantum/api/v2/attributes.py
quantum/db/db_base_plugin_v2.py
quantum/tests/unit/test_db_plugin.py

index d0761adc8bbd0dd0b231822611bdcf6f5d498d56..f53080cc541f55a1886cab6d051313d0f7485232 100644 (file)
     "networks:shared:read": [["rule:regular_user"]],
     "networks:shared:write": [["rule:admin_only"]],
 
+    "subnets:private:read": [["rule:admin_or_owner"]],
+    "subnets:private:write": [["rule:admin_or_owner"]],
+    "subnets:shared:read": [["rule:regular_user"]],
+    "subnets:shared:write": [["rule:admin_only"]],
+
     "create_subnet": [["rule:admin_or_network_owner"]],
-    "get_subnet": [["rule:admin_or_owner"]],
+    "get_subnet": [],
     "update_subnet": [["rule:admin_or_network_owner"]],
     "delete_subnet": [["rule:admin_or_network_owner"]],
 
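Review bot: With `"get_subnet": []` the action-level rule no longer restricts anything, so tenant isolation for subnet reads rests entirely on `subnets:private:read` being selected and evaluated for every non-shared subnet. That selection presumably depends on the `shared` value the plugin hands to the policy engine, so what happens when `shared` is missing from the resource is not visible in this hunk and should be confirmed to deny rather than fall through to the empty rule. Because policy.json cannot carry comments, this coupling belongs in the commit message or operator documentation: a deployment with a customised policy.json has to take the four new `subnets:*` entries together with the `get_subnet` change, never the latter alone.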
index 92b29aa143323a9feb435dfc17a3f8e7ed5c84d6..46a9bc84154b5963d504f4e71148bc38c912f953 100644 (file)
@@ -278,7 +278,11 @@ RESOURCE_ATTRIBUTE_MAP = {
         SHARED: {'allow_post': False,
                  'allow_put': False,
                  'default': False,
-                 'is_visible': False},
+                 'convert_to': convert_to_boolean,
+                 'validate': {'type:boolean': None},
+                 'is_visible': False,
+                 'required_by_policy': True,
+                 'enforce_policy': True},
     }
 }
 
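Review bot: The subnet `SHARED` entry now carries `'required_by_policy': True` and `'enforce_policy': True` while staying `'is_visible': False`, and nothing in the hunk explains why a hidden attribute is policy-relevant. A comment above the entry would help the next maintainer, e.g. `# not settable or visible through the API; loaded only so the policy engine can choose subnets:shared:* or subnets:private:*`. `convert_to` and `validate` are added although `allow_post` and `allow_put` are both False, so they look unreachable from request bodies; if they are kept only for symmetry with the network attribute, say so in the comment or drop them. The opening of `RESOURCE_ATTRIBUTE_MAP` and of this resource's entry is outside the hunk.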
index 289177b1f4a2c7949598a0d7e1ca59cb938690ab..8750a26ebe57e44ac21550227c02b5c0a3f13abc 100644 (file)
@@ -710,6 +710,7 @@ class QuantumDbPluginV2(quantum_plugin_base_v2.QuantumPluginBaseV2):
                'host_routes': [{'destination': route['destination'],
                                 'nexthop': route['nexthop']}
                                for route in subnet['routes']],
+               'shared': subnet['shared']
                }
         if subnet['gateway_ip']:
             res['gateway_ip'] = subnet['gateway_ip']
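Review bot: The added `'shared': subnet['shared']` now feeds an authorization decision but is passed through exactly as stored. If the column can hold NULL (for instance rows created before it existed), the policy engine would receive None instead of a boolean, and which rule set that selects is not visible here. Normalising at this point, `'shared': bool(subnet['shared']),`, keeps the policy input a strict boolean that defaults to private, and the trailing comma keeps later additions to one-line diffs. The enclosing method starts and ends outside the hunk.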
index 4f13f5ae9c71a3cdf195e0338c802f32f680e7d8..8ec59546776a66986eb0011363c64236e117776a 100644 (file)
@@ -1843,6 +1843,28 @@ class TestSubnetsV2(QuantumDbPluginV2TestCase):
                     self.assertEquals(res2['cidr'],
                                       subnet2['subnet']['cidr'])
 
+    def test_list_subnets_shared(self):
+        with self.network(shared=True) as network:
+            with self.subnet(network=network, cidr='10.0.0.0/24') as subnet:
+                with self.subnet(cidr='10.0.1.0/24') as priv_subnet:
+                    # normal user should see only 1 subnet
+                    req = self.new_list_request('subnets')
+                    req.environ['quantum.context'] = context.Context(
+                        '', 'some_tenant')
+                    res = self.deserialize('json',
+                                           req.get_response(self.api))
+                    self.assertEqual(len(res['subnets']), 1)
+                    self.assertEquals(res['subnets'][0]['cidr'],
+                                      subnet['subnet']['cidr'])
+                    # admin will see both subnets
+                    admin_req = self.new_list_request('subnets')
+                    admin_res = self.deserialize(
+                        'json', admin_req.get_response(self.api))
+                    self.assertEqual(len(admin_res['subnets']), 2)
+                    cidrs = [sub['cidr'] for sub in admin_res['subnets']]
+                    self.assertIn(subnet['subnet']['cidr'], cidrs)
+                    self.assertIn(priv_subnet['subnet']['cidr'], cidrs)
+
     def test_list_subnets_with_parameter(self):
         # NOTE(jkoelker) This would be a good place to use contextlib.nested
         #                or just drop 2.6 support ;)
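Review bot: `test_list_subnets_shared` exercises only the list path, while the same commit relaxes `get_subnet` to an empty rule. A companion assertion that `some_tenant` cannot fetch the private subnet by id would pin the isolation that `subnets:private:read` is meant to provide, e.g. build `self.new_show_request('subnets', priv_subnet['subnet']['id'])` with the same context and assert the response status is not 200. It would also be worth asserting that `'shared'` does not appear in the returned subnet dicts, since the attribute is declared `is_visible: False`. Minor style point: the test mixes `assertEqual` with the deprecated alias `assertEquals`.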