Add support for implied roles

gophercloud · Apr 26, 2024 · df88729 · df88729
1 parent 8b1eebe
commit df88729
Show file tree

Hide file tree

Showing 7 changed files with 441 additions and 0 deletions.
diff --git a/internal/acceptance/openstack/identity/v3/roles_test.go b/internal/acceptance/openstack/identity/v3/roles_test.go
@@ -789,3 +789,47 @@ func TestRolesAssignToGroupOnProject(t *testing.T) {
 
 	th.AssertEquals(t, found, true)
 }
+
+func TestCRUDRoleInferenceRule(t *testing.T) {
+	clients.RequireAdmin(t)
+
+	client, err := clients.NewIdentityV3Client()
+	th.AssertNoErr(t, err)
+
+	priorRoleCreateOpts := roles.CreateOpts{
+		Name: "priorRole",
+		Extra: map[string]interface{}{
+			"description": "prior_role description",
+		},
+	}
+	// Create prior_role in the default domain
+	priorRole, err := CreateRole(t, client, &priorRoleCreateOpts)
+	th.AssertNoErr(t, err)
+	defer DeleteRole(t, client, priorRole.ID)
+	tools.PrintResource(t, priorRole)
+	tools.PrintResource(t, priorRole.Extra)
+
+	impliedRoleCreateOpts := roles.CreateOpts{
+		Name: "impliedRole",
+		Extra: map[string]interface{}{
+			"description": "implied_role description",
+		},
+	}
+	// Create implied_role in the default domain
+	impliedRole, err := CreateRole(t, client, &impliedRoleCreateOpts)
+	th.AssertNoErr(t, err)
+	defer DeleteRole(t, client, impliedRole.ID)
+	tools.PrintResource(t, impliedRole)
+	tools.PrintResource(t, impliedRole.Extra)
+
+	roleInferenceRule, err := roles.CreateRoleInferenceRule(context.TODO(), client, priorRole.ID, impliedRole.ID).Extract()
+	defer roles.DeleteRoleInferenceRule(context.TODO(), client, priorRole.ID, impliedRole.ID)
+
+	tools.PrintResource(t, roleInferenceRule)
+	th.AssertNoErr(t, err)
+
+	roleInferenceRule, err = roles.ListRoleInferenceRules(context.TODO(), client).Extract()
+	tools.PrintResource(t, roleInferenceRule)
+	th.AssertNoErr(t, err)
+
+}
diff --git a/openstack/identity/v3/roles/doc.go b/openstack/identity/v3/roles/doc.go
@@ -128,6 +128,36 @@ Example to Unassign a Role From a User in a Project
 		ProjectID: projectID,
 	}).ExtractErr()
 
+	if err != nil {
+		panic(err)
+	}
+
+Example to Create a Role Inference Rule
+
+	priorRoleID := "7ceab6192ea34a548cc71b24f72e762c"
+	impliedRoleID := "97e2f5d38bc94842bc3da818c16762ed"
+
+	actual, err := roles.CreateRoleInferenceRule(context.TODO(), identityClient, priorRoleID, impliedRoleID).Extract()
+
+	if err != nil {
+		panic(err)
+	}
+
+Example to List Role Inference Rules
+
+	actual, err := roles.ListRoleInferenceRules(context.TODO(), identityClient).Extract()
+
+	if err != nil {
+		panic(err)
+	}
+
+Example to Delete a Role Inference Rule
+
+	priorRoleID := "7ceab6192ea34a548cc71b24f72e762c"
+	impliedRoleID := "97e2f5d38bc94842bc3da818c16762ed"
+
+	actual, err := roles.DeleteRoleInferenceRule(context.TODO(), identityClient, priorRoleID, impliedRoleID).ExtractErr()
+
 	if err != nil {
 		panic(err)
 	}

diff --git a/openstack/identity/v3/roles/requests.go b/openstack/identity/v3/roles/requests.go
@@ -406,3 +406,27 @@ func Unassign(ctx context.Context, client *gophercloud.ServiceClient, roleID str
 	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
 	return
 }
+
+func CreateRoleInferenceRule(ctx context.Context, client *gophercloud.ServiceClient, priorRoleID, impliedRoleID string) (r ImpliedRoleResult) {
+	resp, err := client.Put(ctx, createRoleInferenceRuleURL(client, priorRoleID, impliedRoleID), nil, &r.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{201},
+	})
+	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
+	return
+}
+
+func ListRoleInferenceRules(ctx context.Context, client *gophercloud.ServiceClient) (r ImpliedRolesListResult) {
+	resp, err := client.Get(ctx, listRoleInferenceRulesURL(client), &r.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{200},
+	})
+	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
+	return
+}
+
+func DeleteRoleInferenceRule(ctx context.Context, client *gophercloud.ServiceClient, priorRoleID, impliedRoleID string) (r ImpliedRoleDeleteResult) {
+	resp, err := client.Delete(ctx, deleteRoleInferenceRuleURL(client, priorRoleID, impliedRoleID), &gophercloud.RequestOpts{
+		OkCodes: []int{204},
+	})
+	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
+	return
+}
diff --git a/openstack/identity/v3/roles/results.go b/openstack/identity/v3/roles/results.go
@@ -227,3 +227,91 @@ type AssignmentResult struct {
 type UnassignmentResult struct {
 	gophercloud.ErrResult
 }
+
+// ImpliedRoleResult is the result of an PUT request. Call its Extract method to
+// interpret it as a roleInference.
+type ImpliedRoleResult struct {
+	gophercloud.Result
+}
+type PriorRole struct {
+	// ID contains the ID of the role in a prior_role object.
+	ID string `json:"id,omitempty"`
+	// Name contains the name of a role in a prior_role object.
+	Name string `json:"name,omitempty"`
+	// Links contains referencing links to the  prior_role.
+	Links map[string]interface{} `json:"links"`
+}
+
+type ImpliedRole struct {
+	// ID contains the ID of the role in an implied_role object.
+	ID string `json:"id,omitempty"`
+	// Name contains the name of role  in an implied_role.
+	Name string `json:"name,omitempty"`
+	// Links contains referencing links to the implied_role.
+	Links map[string]interface{} `json:"links"`
+}
+
+type RoleInference struct {
+	// PriorRole is the role object that implies a list of implied_role objects.
+	PriorRole PriorRole `json:"prior_role"`
+	// Implies is an array of implied_role objects implied by a prior_role object.
+	ImpliedRole ImpliedRole `json:"implies"`
+}
+
+type RoleInferenceRule struct {
+	RoleInference RoleInference          `json:"role_inference"`
+	Links         map[string]interface{} `json:"links"`
+}
+
+func (r ImpliedRoleResult) Extract() (*RoleInferenceRule, error) {
+	var s = &RoleInferenceRule{}
+	err := r.ExtractInto(s)
+	return s, err
+}
+
+type ImpliedRolesListResult struct {
+	gophercloud.Result
+}
+
+type ImpliedRoleObject struct {
+	// ID contains the ID of the role in an implied_role object.
+	ID string `json:"id,omitempty"`
+	// Name contains the name of role  in an implied_role.
+	Name string `json:"name,omitempty"`
+	// Name contains the name of role  in an implied_role.
+	Description string `json:"description,omitempty"`
+	// Links contains referencing links to the implied_role.
+	Links map[string]interface{} `json:"links"`
+}
+
+type PriorRoleObject struct {
+	// ID contains the ID of the role in an implied_role object.
+	ID string `json:"id,omitempty"`
+	// Name contains the name of role  in an implied_role.
+	Name string `json:"name,omitempty"`
+	// Name contains the name of role  in an implied_role.
+	Description string `json:"description,omitempty"`
+	// Links contains referencing links to the implied_role.
+	Links map[string]interface{} `json:"links"`
+}
+type RoleInferenceRules struct {
+	// PriorRole is the role object that implies a list of implied_role objects.
+	PriorRole PriorRoleObject `json:"prior_role"`
+	// Implies is an array of implied_role objects implied by a prior_role object.
+	ImpliedRoles []ImpliedRoleObject `json:"implies"`
+}
+
+type RoleInferenceRuleList struct {
+	RoleInferenceRuleList []RoleInferenceRules   `json:"role_inferences"`
+	Links                 map[string]interface{} `json:"links"`
+}
+
+func (r ImpliedRolesListResult) Extract() (*RoleInferenceRuleList, error) {
+	var s = &RoleInferenceRuleList{}
+	err := r.ExtractInto(s)
+	return s, err
+}
+
+type ImpliedRoleDeleteResult struct {
+	gophercloud.ErrResult
+}