Network RBAC rule management implemented.
Change-Id: Ia7f06b5e5c3fa7cef56173758d268c58e7f274f1
Related-Prod: SSMCP-149
diff --git a/_states/neutronv2.py b/_states/neutronv2.py
index 81c8fa4..7bfa7fb 100644
--- a/_states/neutronv2.py
+++ b/_states/neutronv2.py
@@ -271,6 +271,58 @@
cloud_name, **kwargs)
+def rbac_get_rule_id(cloud_name, **kwargs):
+ existing_rules = _neutronv2_call('rbac_policies_list',
+ cloud_name=cloud_name)
+
+ match_condition_fields = ['action',
+ 'target_tenant',
+ 'object_id',
+ ]
+
+ for rule in existing_rules['rbac_policies']:
+ match = True
+ for field in match_condition_fields:
+ if rule[field] != kwargs[field]:
+ match = False
+ break
+ if match: return rule['id']
+
+
+def rbac_present(name, cloud_name, **kwargs):
+ resource = 'rbac_policies'
+ # Resolve network name to UID if needed
+ kwargs['object_id'] = __salt__['neutronv2.network_get_details'] \
+ (network_id=kwargs['object_id'],cloud_name=cloud_name)['network']['id']
+
+ if rbac_get_rule_id(cloud_name, **kwargs):
+ return _succeeded('no_changes', name, resource)
+
+ r = _neutronv2_call('{}_create'.format(resource),
+ cloud_name=cloud_name,
+ **kwargs)
+ if r:
+ return _succeeded('create', name, resource, changes=r)
+ else:
+ return _failed('create', name, kwargs)
+
+def rbac_absent(name, cloud_name, **kwargs):
+ resource = 'rbac_policies'
+ # Resolve network name to UID if needed
+ kwargs['object_id'] = __salt__['neutronv2.network_get_details'] \
+ (network_id=kwargs['object_id'],cloud_name=cloud_name)['network']['id']
+
+ rule_id = rbac_get_rule_id(cloud_name, **kwargs)
+
+ if rule_id:
+ r = _neutronv2_call('{}_delete'.format(resource),
+ cloud_name=cloud_name,
+ id=rule_id)
+ return _succeeded('delete', name, resource, changes=r)
+
+ return _succeeded('no_changes', name, resource)
+
+
def _succeeded(op, name, resource, changes=None):
msg_map = {
'create': '{0} {1} created',
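Review bot: `rbac_absent` returns `_succeeded('delete', ...)` without checking what the `rbac_policies_delete` call returned, whereas `rbac_present` treats a falsy result from `_neutronv2_call` as a failure. If the delete can fail the same way, a revocation that did not happen is reported as done, so that path should end in `return _failed('delete', name, resource)`. In `rbac_present` the failure branch passes `kwargs` where the success branch passes the resource name; it probably should read `return _failed('create', name, resource)` (the signature of `_failed` is outside the hunk). `rbac_get_rule_id` indexes `kwargs[field]` directly, so a state that omits `action` or `target_tenant` raises KeyError instead of failing cleanly; a guard such as `if any(f not in kwargs for f in match_condition_fields): return None` would help, though `rbac_present` would then still need to reject the incomplete rule before creating it. The match also leaves out `object_type`, which is worth a comment saying the omission is deliberate.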