Add tests and docs for role assignments

terraform-provider-openstack · Mar 17, 2018 · 33ee6d8 · 33ee6d8
1 parent bd45fbf
commit 33ee6d8
Show file tree

Hide file tree

Showing 3 changed files with 198 additions and 0 deletions.
diff --git a/openstack/resource_openstack_identity_role_assignment_v3_test.go b/openstack/resource_openstack_identity_role_assignment_v3_test.go
@@ -0,0 +1,143 @@
+package openstack
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/projects"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/roles"
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/users"
+)
+
+func TestAccIdentityV3RoleAssignment_basic(t *testing.T) {
+	var role roles.Role
+	var user users.User
+	var project1, project2 projects.Project
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckAdminOnly(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIdentityV3RoleAssignmentDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccIdentityV3RoleAssignment_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIdentityV3RoleAssignmentExists("openstack_identity_role_assignment_v3.role_assignment_1", &role, &user, &project1),
+					resource.TestCheckResourceAttr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "project_id", project1.Name),
+					resource.TestCheckResourceAttr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "user_id", user.Name),
+					resource.TestCheckResourceAttr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "role_id", role.Name),
+				),
+			},
+			resource.TestStep{
+				Config: testAccIdentityV3RoleAssignment_update,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIdentityV3RoleAssignmentExists("openstack_identity_role_assignment_v3.role_assignment_1", &role, &user, &project2),
+					resource.TestCheckResourceAttr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "project_id", project2.Name),
+					resource.TestCheckResourceAttr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "user_id", user.Name),
+					resource.TestCheckResourceAttr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "role_id", role.Name),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIdentityV3RoleAssignmentDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+	identityClient, err := config.identityV3Client(OS_REGION_NAME)
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack identity client: %s", err)
+	}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "openstack_identity_role_assignment_v3" {
+			continue
+		}
+
+		_, err := roles.Get(identityClient, rs.Primary.ID).Extract()
+		if err == nil {
+			return fmt.Errorf("Role assignment still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckIdentityV3RoleAssignmentExists(n string, role *roles.Role, user *users.User, project *projects.Project) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+		identityClient, err := config.identityV3Client(OS_REGION_NAME)
+		if err != nil {
+			return fmt.Errorf("Error creating OpenStack identity client: %s", err)
+		}
+
+		split := strings.Split(rs.Primary.ID, "/")
+		projectID, userID, roleID := split[1], split[3], split[4]
+
+		foundProject, err := projects.Get(identityClient, projectID).Extract()
+		if err == nil {
+			return err
+		}
+		foundUser, err := users.Get(identityClient, userID).Extract()
+		if err == nil {
+			return err
+		}
+		foundRole, err := roles.Get(identityClient, roleID).Extract()
+		if err == nil {
+			return err
+		}
+
+		if foundProject.ID != projectID {
+			return fmt.Errorf("Project not found")
+		}
+		if foundUser.ID != userID {
+			return fmt.Errorf("User not found")
+		}
+		if foundRole.ID != roleID {
+			return fmt.Errorf("Role not found")
+		}
+
+		*project = *foundProject
+		*user = *foundUser
+		*role = *foundRole
+
+		return nil
+	}
+}
+
+const testAccIdentityV3RoleAssignment_basic = `
+resource "openstack_identity_role_assignment_v3" "role_assignment_1" {
+  user_id = "demo"
+  project_id = "demo"
+  role_id = "admin"
+}
+`
+
+const testAccIdentityV3RoleAssignment_update = `
+resource "openstack_identity_role_assignment_v3" "role_assignment_1" {
+	user_id = "demo"
+	project_id = "admin"
+	role_id = "admin"
+}
+`
diff --git a/website/docs/r/identity_role_assignment_v3.html.markdown b/website/docs/r/identity_role_assignment_v3.html.markdown
@@ -0,0 +1,52 @@
+---
+layout: "openstack"
+page_title: "OpenStack: openstack_identity_role_assignment_v3"
+sidebar_current: "docs-openstack-resource-identity-role-assignment-v3"
+description: |-
+  Manages a V3 Role assignment within OpenStack Keystone.
+---
+
+# openstack\_identity\_role\_assignment_v3
+
+Manages a V3 Role assignment within OpenStack Keystone.
+
+Note: You _must_ have admin privileges in your OpenStack cloud to use
+this resource.
+
+## Example Usage
+
+```hcl
+resource "openstack_identity_role_assignment_v3" "role_1" {
+  user_id = "admin"
+  domain_id = "default"
+  role_id = "admin"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+DomainID:  domainID,
+		GroupID:   groupID,
+		ProjectID: projectID,
+		UserID:    userID,
+
+* `domain_id` - (Optional; Required if `project_id` is empty) The domain to assign the role in.
+
+* `group_id` - (Optional; Required if `user_id` is empty) The group to assign the role to.
+
+* `project_id` - (Optional; Required if `domain_id` is empty) The project to assign the role in.
+
+* `user_id` - (Optional; Required if `group_id` is empty) The user to assign the role to.
+
+* `role_id` - (Required) The role to assign.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `domain_id` - See Argument Reference above.
+* `project_id` - See Argument Reference above.
+* `group_id` - See Argument Reference above.
+* `user_id` - See Argument Reference above.
+* `role_id` - See Argument Reference above.
diff --git a/website/openstack.erb b/website/openstack.erb
@@ -123,6 +123,9 @@
             <li<%= sidebar_current("docs-openstack-resource-identity-role-v3") %>>
               <a href="/docs/providers/openstack/r/identity_role_v3.html">openstack_identity_role_v3</a>
             </li>
+            <li<%= sidebar_current("docs-openstack-resource-identity-role-assignment-v3") %>>
+              <a href="/docs/providers/openstack/r/identity_role_assignment_v3.html">openstack_identity_role_assignment_v3</a>
+            </li>
             <li<%= sidebar_current("docs-openstack-resource-identity-user-v3") %>>
               <a href="/docs/providers/openstack/r/identity_user_v3.html">openstack_identity_user_v3</a>
             </li>