Support Role-based Access Control for Networks

Include the URL of your launchpad blueprint:

https://blueprints.launchpad.net/heat/+spec/support-rbac-for-networks

Currently there is no support about Role-based Access Control for Networks in heat. So add a new namespace called OS::Neutron::RBACPolicy for the rbac resource.

Problem description

There are new rbac-policies api in Liberty which needed to be supported by heat. We need to add a new namespace for it.

Proposed change

we need to add the following resource

RBACPolicy

Specification.

RBACPolicy

Create a RBAC policy for a given tenant.

Namespace: OS::Neutron::RBACPolicy

Required Properties:

object_type:
Type of the object that RBAC policy affects. String Value.
target_tenant:
ID of the tenant to which the RBAC policy will be enforced. String Value. Update allowed.
action:
Action for the RBAC policy. String Value.
object_id:
ID or name of the RBAC object. String Value.

Supported object_type and action:

SUPPORTED_TYPES_ACTIONS = {‘network’: [‘access_as_shared’]}

Optional Properties:

tenant_id:
The owner tenant ID. Only required if the caller has an administrative role and wants to create a rbac for another tenant. String Value.

Alternatives

None

Implementation

Assignee(s)

Primary assignee:
Di XiaoLi <dixiaobj@cn.ibm.com>

Milestones

Target Milestone for completion:
mitaka-3

Work Items

  • Add new namespace for OS::Neutron::RBACPolicy resource.

Dependencies

None