From 9ca99b991947c5b932a0c916591cd71568f2ac17 Mon Sep 17 00:00:00 2001
From: Dongcan Ye <hellochosen@gmail.com>
Date: Sun, 5 Nov 2017 01:16:48 -0500
Subject: [PATCH] Network: Add supports rbac target-all-projects

Add a boolean option "target-all-projects",
which allows creating rbac policy for all projects.

Change-Id: Ie3af83a1bba7dd66e83b0595bb276bf8fd105831
Closes-Bug: #1728525
Closes-Bug: #1704834
---
 .../cli/command-objects/network-rbac.rst      |  9 +++++--
 openstackclient/network/v2/network_rbac.py    | 23 ++++++++++++------
 .../unit/network/v2/test_network_rbac.py      | 24 +++++++++++++++++++
 .../notes/bug-1728525-2c40f0c19adbd0e8.yaml   |  5 ++++
 4 files changed, 52 insertions(+), 9 deletions(-)
 create mode 100644 releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml

diff --git a/doc/source/cli/command-objects/network-rbac.rst b/doc/source/cli/command-objects/network-rbac.rst
index c49f29bb3..45fd354de 100644
--- a/doc/source/cli/command-objects/network-rbac.rst
+++ b/doc/source/cli/command-objects/network-rbac.rst
@@ -19,7 +19,8 @@ Create network RBAC policy
     openstack network rbac create
         --type <type>
         --action <action>
-        --target-project <target-project> [--target-project-domain <target-project-domain>]
+        [--target-project <target-project> | --target-all-projects]
+        [--target-project-domain <target-project-domain>]
         [--project <project> [--project-domain <project-domain>]]
         <rbac-policy>
 
@@ -33,7 +34,11 @@ Create network RBAC policy
 
 .. option:: --target-project <target-project>
 
-    The project to which the RBAC policy will be enforced (name or ID) (required)
+    The project to which the RBAC policy will be enforced (name or ID)
+
+.. option:: --target-all-projects
+
+    Allow creating RBAC policy for all projects.
 
 .. option:: --target-project-domain <target-project-domain>
 
diff --git a/openstackclient/network/v2/network_rbac.py b/openstackclient/network/v2/network_rbac.py
index 907547372..6cf82559d 100644
--- a/openstackclient/network/v2/network_rbac.py
+++ b/openstackclient/network/v2/network_rbac.py
@@ -51,11 +51,14 @@ def _get_attrs(client_manager, parsed_args):
     attrs['object_id'] = object_id
 
     identity_client = client_manager.identity
-    project_id = identity_common.find_project(
-        identity_client,
-        parsed_args.target_project,
-        parsed_args.target_project_domain,
-    ).id
+    if parsed_args.target_project is not None:
+        project_id = identity_common.find_project(
+            identity_client,
+            parsed_args.target_project,
+            parsed_args.target_project_domain,
+        ).id
+    elif parsed_args.target_all_projects:
+        project_id = '*'
     attrs['target_tenant'] = project_id
     if parsed_args.project is not None:
         project_id = identity_common.find_project(
@@ -96,13 +99,19 @@ class CreateNetworkRBAC(command.ShowOne):
             help=_('Action for the RBAC policy '
                    '("access_as_external" or "access_as_shared")')
         )
-        parser.add_argument(
+        target_project_group = parser.add_mutually_exclusive_group(
+            required=True)
+        target_project_group.add_argument(
             '--target-project',
-            required=True,
             metavar="<target-project>",
             help=_('The project to which the RBAC policy '
                    'will be enforced (name or ID)')
         )
+        target_project_group.add_argument(
+            '--target-all-projects',
+            action='store_true',
+            help=_('Allow creating RBAC policy for all projects.')
+        )
         parser.add_argument(
             '--target-project-domain',
             metavar='<target-project-domain>',
diff --git a/openstackclient/tests/unit/network/v2/test_network_rbac.py b/openstackclient/tests/unit/network/v2/test_network_rbac.py
index 935ce0758..70c385286 100644
--- a/openstackclient/tests/unit/network/v2/test_network_rbac.py
+++ b/openstackclient/tests/unit/network/v2/test_network_rbac.py
@@ -163,6 +163,30 @@ class TestCreateNetworkRBAC(TestNetworkRBAC):
         self.assertEqual(self.columns, columns)
         self.assertEqual(self.data, list(data))
 
+    def test_network_rbac_create_with_target_all_projects(self):
+        arglist = [
+            '--type', self.rbac_policy.object_type,
+            '--action', self.rbac_policy.action,
+            '--target-all-projects',
+            self.rbac_policy.object_id,
+        ]
+        verifylist = [
+            ('type', self.rbac_policy.object_type),
+            ('action', self.rbac_policy.action),
+            ('target_all_projects', True),
+            ('rbac_object', self.rbac_policy.object_id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.create_rbac_policy.assert_called_with(**{
+            'object_id': self.rbac_policy.object_id,
+            'object_type': self.rbac_policy.object_type,
+            'action': self.rbac_policy.action,
+            'target_tenant': '*',
+        })
+
     def test_network_rbac_create_all_options(self):
         arglist = [
             '--type', self.rbac_policy.object_type,
diff --git a/releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml b/releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml
new file mode 100644
index 000000000..67264af15
--- /dev/null
+++ b/releasenotes/notes/bug-1728525-2c40f0c19adbd0e8.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Add ``target-all-projects`` option in ``rbac create`` command.
+    [Bug `1728525 <https://bugs.launchpad.net/python-openstackclient/+bug/1728525>`_]