Add tests and docs for role assignments

terraform-provider-openstack · Apr 16, 2018 · 478dd50 · 478dd50
1 parent 2f1c1fa
commit 478dd50
Show file tree

Hide file tree

Showing 3 changed files with 216 additions and 0 deletions.
diff --git a/openstack/resource_openstack_identity_role_assignment_v3_test.go b/openstack/resource_openstack_identity_role_assignment_v3_test.go
@@ -0,0 +1,152 @@
+package openstack
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/projects"
+
+	"github.com/gophercloud/gophercloud/pagination"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/roles"
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/users"
+)
+
+func TestAccIdentityV3RoleAssignment_basic(t *testing.T) {
+	var role roles.Role
+	var user users.User
+	var project projects.Project
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckAdminOnly(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIdentityV3RoleAssignmentDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccIdentityV3RoleAssignment_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIdentityV3RoleAssignmentExists("openstack_identity_role_assignment_v3.role_assignment_1", &role, &user, &project),
+					resource.TestCheckResourceAttrPtr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "project_id", &project.ID),
+					resource.TestCheckResourceAttrPtr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "user_id", &user.ID),
+					resource.TestCheckResourceAttrPtr(
+						"openstack_identity_role_assignment_v3.role_assignment_1", "role_id", &role.ID),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIdentityV3RoleAssignmentDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+	identityClient, err := config.identityV3Client(OS_REGION_NAME)
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack identity client: %s", err)
+	}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "openstack_identity_role_assignment_v3" {
+			continue
+		}
+
+		_, err := roles.Get(identityClient, rs.Primary.ID).Extract()
+		if err == nil {
+			return fmt.Errorf("Role assignment still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckIdentityV3RoleAssignmentExists(n string, role *roles.Role, user *users.User, project *projects.Project) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+		identityClient, err := config.identityV3Client(OS_REGION_NAME)
+		if err != nil {
+			return fmt.Errorf("Error creating OpenStack identity client: %s", err)
+		}
+
+		domainID, projectID, groupID, userID, roleID := extractRoleAssignmentID(rs.Primary.ID)
+
+		var opts roles.ListAssignmentsOpts
+		opts = roles.ListAssignmentsOpts{
+			GroupID:        groupID,
+			ScopeDomainID:  domainID,
+			ScopeProjectID: projectID,
+			UserID:         userID,
+		}
+
+		pager := roles.ListAssignments(identityClient, opts)
+		var assignment roles.RoleAssignment
+
+		err = pager.EachPage(func(page pagination.Page) (bool, error) {
+			assignmentList, err := roles.ExtractRoleAssignments(page)
+			if err != nil {
+				return false, err
+			}
+
+			for _, a := range assignmentList {
+				if a.Role.ID == roleID {
+					assignment = a
+					return false, nil
+				}
+			}
+
+			return true, nil
+		})
+		if err != nil {
+			return err
+		}
+
+		project, err = projects.Get(identityClient, assignment.Scope.Project.ID).Extract()
+		if err != nil {
+			return fmt.Errorf("Project not found")
+		}
+		user, err = users.Get(identityClient, assignment.User.ID).Extract()
+		if err != nil {
+			return fmt.Errorf("User not found")
+		}
+		role, err = roles.Get(identityClient, assignment.Role.ID).Extract()
+		if err != nil {
+			return fmt.Errorf("Role not found")
+		}
+
+		return nil
+	}
+}
+
+const testAccIdentityV3RoleAssignment_basic = `
+resource "openstack_identity_project_v3" "project_1" {
+  name = "project_1"
+}
+
+resource "openstack_identity_user_v3" "user_1" {
+  name = "user_1"
+  default_project_id = "${openstack_identity_project_v3.project_1.id}"
+}
+
+resource "openstack_identity_role_v3" "role_1" {
+  name = "role_1"
+}
+
+resource "openstack_identity_role_assignment_v3" "role_assignment_1" {
+  user_id = "${openstack_identity_user_v3.user_1.id}"
+  project_id = "${openstack_identity_project_v3.project_1.id}"
+  role_id = "${openstack_identity_role_v3.role_1.id}"
+}
+`
diff --git a/website/docs/r/identity_role_assignment_v3.html.markdown b/website/docs/r/identity_role_assignment_v3.html.markdown
@@ -0,0 +1,61 @@
+---
+layout: "openstack"
+page_title: "OpenStack: openstack_identity_role_assignment_v3"
+sidebar_current: "docs-openstack-resource-identity-role-assignment-v3"
+description: |-
+  Manages a V3 Role assignment within OpenStack Keystone.
+---
+
+# openstack\_identity\_role\_assignment_v3
+
+Manages a V3 Role assignment within OpenStack Keystone.
+
+Note: You _must_ have admin privileges in your OpenStack cloud to use
+this resource.
+
+## Example Usage
+
+```hcl
+resource "openstack_identity_project_v3" "project_1" {
+  name = "project_1"
+}
+
+resource "openstack_identity_user_v3" "user_1" {
+  name = "user_1"
+  default_project_id = "${openstack_identity_project_v3.project_1.id}"
+}
+
+resource "openstack_identity_role_v3" "role_1" {
+  name = "role_1"
+}
+
+resource "openstack_identity_role_assignment_v3" "role_assignment_1" {
+  user_id = "${openstack_identity_user_v3.user_1.id}"
+  project_id = "${openstack_identity_project_v3.project_1.id}"
+  role_id = "${openstack_identity_role_v3.role_1.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `domain_id` - (Optional; Required if `project_id` is empty) The domain to assign the role in.
+
+* `group_id` - (Optional; Required if `user_id` is empty) The group to assign the role to.
+
+* `project_id` - (Optional; Required if `domain_id` is empty) The project to assign the role in.
+
+* `user_id` - (Optional; Required if `group_id` is empty) The user to assign the role to.
+
+* `role_id` - (Required) The role to assign.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `domain_id` - See Argument Reference above.
+* `project_id` - See Argument Reference above.
+* `group_id` - See Argument Reference above.
+* `user_id` - See Argument Reference above.
+* `role_id` - See Argument Reference above.
diff --git a/website/openstack.erb b/website/openstack.erb
@@ -129,6 +129,9 @@
             <li<%= sidebar_current("docs-openstack-resource-identity-role-v3") %>>
               <a href="/docs/providers/openstack/r/identity_role_v3.html">openstack_identity_role_v3</a>
             </li>
+            <li<%= sidebar_current("docs-openstack-resource-identity-role-assignment-v3") %>>
+              <a href="/docs/providers/openstack/r/identity_role_assignment_v3.html">openstack_identity_role_assignment_v3</a>
+            </li>
             <li<%= sidebar_current("docs-openstack-resource-identity-user-v3") %>>
               <a href="/docs/providers/openstack/r/identity_user_v3.html">openstack_identity_user_v3</a>
             </li>