-
Notifications
You must be signed in to change notification settings - Fork 359
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add tests and docs for role assignments
- Loading branch information
Showing
3 changed files
with
216 additions
and
0 deletions.
There are no files selected for viewing
152 changes: 152 additions & 0 deletions
152
openstack/resource_openstack_identity_role_assignment_v3_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,152 @@ | ||
package openstack | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/gophercloud/gophercloud/openstack/identity/v3/projects" | ||
|
||
"github.com/gophercloud/gophercloud/pagination" | ||
|
||
"github.com/hashicorp/terraform/helper/resource" | ||
"github.com/hashicorp/terraform/terraform" | ||
|
||
"github.com/gophercloud/gophercloud/openstack/identity/v3/roles" | ||
"github.com/gophercloud/gophercloud/openstack/identity/v3/users" | ||
) | ||
|
||
func TestAccIdentityV3RoleAssignment_basic(t *testing.T) { | ||
var role roles.Role | ||
var user users.User | ||
var project projects.Project | ||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { | ||
testAccPreCheck(t) | ||
testAccPreCheckAdminOnly(t) | ||
}, | ||
Providers: testAccProviders, | ||
CheckDestroy: testAccCheckIdentityV3RoleAssignmentDestroy, | ||
Steps: []resource.TestStep{ | ||
resource.TestStep{ | ||
Config: testAccIdentityV3RoleAssignment_basic, | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckIdentityV3RoleAssignmentExists("openstack_identity_role_assignment_v3.role_assignment_1", &role, &user, &project), | ||
resource.TestCheckResourceAttrPtr( | ||
"openstack_identity_role_assignment_v3.role_assignment_1", "project_id", &project.ID), | ||
resource.TestCheckResourceAttrPtr( | ||
"openstack_identity_role_assignment_v3.role_assignment_1", "user_id", &user.ID), | ||
resource.TestCheckResourceAttrPtr( | ||
"openstack_identity_role_assignment_v3.role_assignment_1", "role_id", &role.ID), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccCheckIdentityV3RoleAssignmentDestroy(s *terraform.State) error { | ||
config := testAccProvider.Meta().(*Config) | ||
identityClient, err := config.identityV3Client(OS_REGION_NAME) | ||
if err != nil { | ||
return fmt.Errorf("Error creating OpenStack identity client: %s", err) | ||
} | ||
|
||
for _, rs := range s.RootModule().Resources { | ||
if rs.Type != "openstack_identity_role_assignment_v3" { | ||
continue | ||
} | ||
|
||
_, err := roles.Get(identityClient, rs.Primary.ID).Extract() | ||
if err == nil { | ||
return fmt.Errorf("Role assignment still exists") | ||
} | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func testAccCheckIdentityV3RoleAssignmentExists(n string, role *roles.Role, user *users.User, project *projects.Project) resource.TestCheckFunc { | ||
return func(s *terraform.State) error { | ||
rs, ok := s.RootModule().Resources[n] | ||
if !ok { | ||
return fmt.Errorf("Not found: %s", n) | ||
} | ||
|
||
if rs.Primary.ID == "" { | ||
return fmt.Errorf("No ID is set") | ||
} | ||
|
||
config := testAccProvider.Meta().(*Config) | ||
identityClient, err := config.identityV3Client(OS_REGION_NAME) | ||
if err != nil { | ||
return fmt.Errorf("Error creating OpenStack identity client: %s", err) | ||
} | ||
|
||
domainID, projectID, groupID, userID, roleID := extractRoleAssignmentID(rs.Primary.ID) | ||
|
||
var opts roles.ListAssignmentsOpts | ||
opts = roles.ListAssignmentsOpts{ | ||
GroupID: groupID, | ||
ScopeDomainID: domainID, | ||
ScopeProjectID: projectID, | ||
UserID: userID, | ||
} | ||
|
||
pager := roles.ListAssignments(identityClient, opts) | ||
var assignment roles.RoleAssignment | ||
|
||
err = pager.EachPage(func(page pagination.Page) (bool, error) { | ||
assignmentList, err := roles.ExtractRoleAssignments(page) | ||
if err != nil { | ||
return false, err | ||
} | ||
|
||
for _, a := range assignmentList { | ||
if a.Role.ID == roleID { | ||
assignment = a | ||
return false, nil | ||
} | ||
} | ||
|
||
return true, nil | ||
}) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
project, err = projects.Get(identityClient, assignment.Scope.Project.ID).Extract() | ||
if err != nil { | ||
return fmt.Errorf("Project not found") | ||
} | ||
user, err = users.Get(identityClient, assignment.User.ID).Extract() | ||
if err != nil { | ||
return fmt.Errorf("User not found") | ||
} | ||
role, err = roles.Get(identityClient, assignment.Role.ID).Extract() | ||
if err != nil { | ||
return fmt.Errorf("Role not found") | ||
} | ||
|
||
return nil | ||
} | ||
} | ||
|
||
const testAccIdentityV3RoleAssignment_basic = ` | ||
resource "openstack_identity_project_v3" "project_1" { | ||
name = "project_1" | ||
} | ||
resource "openstack_identity_user_v3" "user_1" { | ||
name = "user_1" | ||
default_project_id = "${openstack_identity_project_v3.project_1.id}" | ||
} | ||
resource "openstack_identity_role_v3" "role_1" { | ||
name = "role_1" | ||
} | ||
resource "openstack_identity_role_assignment_v3" "role_assignment_1" { | ||
user_id = "${openstack_identity_user_v3.user_1.id}" | ||
project_id = "${openstack_identity_project_v3.project_1.id}" | ||
role_id = "${openstack_identity_role_v3.role_1.id}" | ||
} | ||
` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
--- | ||
layout: "openstack" | ||
page_title: "OpenStack: openstack_identity_role_assignment_v3" | ||
sidebar_current: "docs-openstack-resource-identity-role-assignment-v3" | ||
description: |- | ||
Manages a V3 Role assignment within OpenStack Keystone. | ||
--- | ||
|
||
# openstack\_identity\_role\_assignment_v3 | ||
|
||
Manages a V3 Role assignment within OpenStack Keystone. | ||
|
||
Note: You _must_ have admin privileges in your OpenStack cloud to use | ||
this resource. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "openstack_identity_project_v3" "project_1" { | ||
name = "project_1" | ||
} | ||
resource "openstack_identity_user_v3" "user_1" { | ||
name = "user_1" | ||
default_project_id = "${openstack_identity_project_v3.project_1.id}" | ||
} | ||
resource "openstack_identity_role_v3" "role_1" { | ||
name = "role_1" | ||
} | ||
resource "openstack_identity_role_assignment_v3" "role_assignment_1" { | ||
user_id = "${openstack_identity_user_v3.user_1.id}" | ||
project_id = "${openstack_identity_project_v3.project_1.id}" | ||
role_id = "${openstack_identity_role_v3.role_1.id}" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `domain_id` - (Optional; Required if `project_id` is empty) The domain to assign the role in. | ||
|
||
* `group_id` - (Optional; Required if `user_id` is empty) The group to assign the role to. | ||
|
||
* `project_id` - (Optional; Required if `domain_id` is empty) The project to assign the role in. | ||
|
||
* `user_id` - (Optional; Required if `group_id` is empty) The user to assign the role to. | ||
|
||
* `role_id` - (Required) The role to assign. | ||
|
||
## Attributes Reference | ||
|
||
The following attributes are exported: | ||
|
||
* `domain_id` - See Argument Reference above. | ||
* `project_id` - See Argument Reference above. | ||
* `group_id` - See Argument Reference above. | ||
* `user_id` - See Argument Reference above. | ||
* `role_id` - See Argument Reference above. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters