1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
//go:build acceptance || identity || trusts
// +build acceptance identity trusts
package v3
import (
"testing"
"time"
"github.com/gophercloud/gophercloud/acceptance/clients"
"github.com/gophercloud/gophercloud/acceptance/tools"
"github.com/gophercloud/gophercloud/openstack"
"github.com/gophercloud/gophercloud/openstack/identity/v3/extensions/trusts"
"github.com/gophercloud/gophercloud/openstack/identity/v3/roles"
"github.com/gophercloud/gophercloud/openstack/identity/v3/tokens"
"github.com/gophercloud/gophercloud/openstack/identity/v3/users"
th "github.com/gophercloud/gophercloud/testhelper"
)
func TestTrustCRUD(t *testing.T) {
clients.RequireAdmin(t)
client, err := clients.NewIdentityV3Client()
th.AssertNoErr(t, err)
// Generate a token and obtain the Admin user's ID from it.
ao, err := openstack.AuthOptionsFromEnv()
th.AssertNoErr(t, err)
authOptions := tokens.AuthOptions{
Username: ao.Username,
Password: ao.Password,
DomainName: ao.DomainName,
DomainID: ao.DomainID,
}
token, err := tokens.Create(client, &authOptions).Extract()
th.AssertNoErr(t, err)
adminUser, err := tokens.Get(client, token.ID).ExtractUser()
th.AssertNoErr(t, err)
// Get the admin and member role IDs.
adminRoleID := ""
memberRoleID := ""
allPages, err := roles.List(client, nil).AllPages()
th.AssertNoErr(t, err)
allRoles, err := roles.ExtractRoles(allPages)
th.AssertNoErr(t, err)
for _, v := range allRoles {
if v.Name == "admin" {
adminRoleID = v.ID
}
if v.Name == "member" {
memberRoleID = v.ID
}
}
// Create a project to apply the trust.
trusteeProject, err := CreateProject(t, client, nil)
th.AssertNoErr(t, err)
defer DeleteProject(t, client, trusteeProject.ID)
tools.PrintResource(t, trusteeProject)
// Add the admin user to the trustee project.
assignOpts := roles.AssignOpts{
UserID: adminUser.ID,
ProjectID: trusteeProject.ID,
}
err = roles.Assign(client, adminRoleID, assignOpts).ExtractErr()
th.AssertNoErr(t, err)
// Create a user as the trustee.
trusteeUserCreateOpts := users.CreateOpts{
Password: "secret",
DomainID: "default",
}
trusteeUser, err := CreateUser(t, client, &trusteeUserCreateOpts)
th.AssertNoErr(t, err)
defer DeleteUser(t, client, trusteeUser.ID)
expiresAt := time.Now().Add(time.Minute).Truncate(time.Second).UTC()
// Create a trust.
trust, err := CreateTrust(t, client, trusts.CreateOpts{
TrusteeUserID: trusteeUser.ID,
TrustorUserID: adminUser.ID,
ProjectID: trusteeProject.ID,
ExpiresAt: &expiresAt,
Roles: []trusts.Role{
{
ID: memberRoleID,
},
},
})
th.AssertNoErr(t, err)
defer DeleteTrust(t, client, trust.ID)
trust, err = FindTrust(t, client)
th.AssertNoErr(t, err)
// Get trust
p, err := trusts.Get(client, trust.ID).Extract()
th.AssertNoErr(t, err)
th.AssertEquals(t, p.ExpiresAt, expiresAt)
th.AssertEquals(t, p.DeletedAt.IsZero(), true)
tools.PrintResource(t, p)
// List trust roles
rolesPages, err := trusts.ListRoles(client, p.ID).AllPages()
th.AssertNoErr(t, err)
allTrustRoles, err := trusts.ExtractRoles(rolesPages)
th.AssertNoErr(t, err)
th.AssertEquals(t, len(allTrustRoles), 1)
th.AssertEquals(t, allTrustRoles[0].ID, memberRoleID)
// Get trust role
role, err := trusts.GetRole(client, p.ID, memberRoleID).Extract()
th.AssertNoErr(t, err)
th.AssertEquals(t, role.ID, memberRoleID)
// Check trust role
err = trusts.CheckRole(client, p.ID, memberRoleID).ExtractErr()
th.AssertNoErr(t, err)
}
|
