Added project role assignment

Change-Id: I4eb3d430365f3b22c1a77faea71f710fb565082f

examples/identity/list.py

@@ -78,3 +78,31 @@ def list_roles(conn):
 
     for role in conn.identity.roles():
         print(role)
+
+
+def list_role_domain_group_assignments(conn):
+    print("List Roles assignments for a group on domain:")
+
+    for role in conn.identity.role_domain_group_assignments():
+        print(role)
+
+
+def list_role_domain_user_assignments(conn):
+    print("List Roles assignments for a user on domain:")
+
+    for role in conn.identity.role_project_user_assignments():
+        print(role)
+
+
+def list_role_project_group_assignments(conn):
+    print("List Roles assignments for a group on project:")
+
+    for role in conn.identity.role_project_group_assignments():
+        print(role)
+
+
+def list_role_project_user_assignments(conn):
+    print("List Roles assignments for a user on project:")
+
+    for role in conn.identity.role_project_user_assignments():
+        print(role)

openstack/identity/v3/_proxy.py

@@ -10,6 +10,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import openstack.exceptions as exception
 from openstack.identity.v3 import credential as _credential
 from openstack.identity.v3 import domain as _domain
 from openstack.identity.v3 import endpoint as _endpoint
@@ -18,6 +19,15 @@ from openstack.identity.v3 import policy as _policy
 from openstack.identity.v3 import project as _project
 from openstack.identity.v3 import region as _region
 from openstack.identity.v3 import role as _role
+from openstack.identity.v3 import role_assignment as _role_assignment
+from openstack.identity.v3 import role_domain_group_assignment \
+    as _role_domain_group_assignment
+from openstack.identity.v3 import role_domain_user_assignment \
+    as _role_domain_user_assignment
+from openstack.identity.v3 import role_project_group_assignment \
+    as _role_project_group_assignment
+from openstack.identity.v3 import role_project_user_assignment \
+    as _role_project_user_assignment
 from openstack.identity.v3 import service as _service
 from openstack.identity.v3 import trust as _trust
 from openstack.identity.v3 import user as _user
@@ -875,3 +885,75 @@ class Proxy(proxy.BaseProxy):
         :rtype: :class:`~openstack.identity.v3.role.Role`
         """
         return self._update(_role.Role, role, **attrs)
+
+    def role_assignments_filter(self, domain=None, project=None, group=None,
+                                user=None):
+        """Retrieve a generator of roles assigned to user/group
+
+        :param domain: Either the ID of a domain or a
+                      :class:`~openstack.identity.v3.domain.Domain` instance.
+        :param project: Either the ID of a project or a
+                      :class:`~openstack.identity.v3.project.Project`
+                      instance.
+        :param group: Either the ID of a group or a
+                      :class:`~openstack.identity.v3.group.Group` instance.
+        :param user: Either the ID of a user or a
+                     :class:`~openstack.identity.v3.user.User` instance.
+        :return: A generator of role instances.
+        :rtype: :class:`~openstack.identity.v3.role.Role`
+        """
+        if domain and project:
+            raise exception.InvalidRequest(
+                'Only one of domain or project can be specified')
+
+        if domain is None and project is None:
+            raise exception.InvalidRequest(
+                'Either domain or project should be specified')
+
+        if group and user:
+            raise exception.InvalidRequest(
+                'Only one of group or user can be specified')
+
+        if group is None and user is None:
+            raise exception.InvalidRequest(
+                'Either group or user should be specified')
+
+        if domain:
+            domain = self._get_resource(_domain.Domain, domain)
+            if group:
+                group = self._get_resource(_group.Group, group)
+                return self._list(
+                    _role_domain_group_assignment.RoleDomainGroupAssignment,
+                    paginated=False, domain_id=domain.id, group_id=group.id)
+            else:
+                user = self._get_resource(_user.User, user)
+                return self._list(
+                    _role_domain_user_assignment.RoleDomainUserAssignment,
+                    paginated=False, domain_id=domain.id, user_id=user.id)
+        else:
+            project = self._get_resource(_project.Project, project)
+            if group:
+                group = self._get_resource(_group.Group, group)
+                return self._list(
+                    _role_project_group_assignment.RoleProjectGroupAssignment,
+                    paginated=False, project_id=project.id, group_id=group.id)
+            else:
+                user = self._get_resource(_user.User, user)
+                return self._list(
+                    _role_project_user_assignment.RoleProjectUserAssignment,
+                    paginated=False, project_id=project.id, user_id=user.id)
+
+    def role_assignments(self, **query):
+        """Retrieve a generator of role_assignment
+
+                      :class:`~openstack.identity.v3.user.User` instance.
+        :param kwargs \*\*query: Optional query parameters to be sent to limit
+                                 the resources being returned. The options
+                                 are: group_id, role_id, scope_domain_id,
+                                 scope_project_id, user_id, include_names,
+                                 include_subtree.
+        :return:
+                :class:`~openstack.identity.v3.role_assignment.RoleAssignment`
+        """
+        return self._list(_role_assignment.RoleAssignment,
+                          paginated=False, **query)

openstack/identity/v3/domain.py

@@ -12,6 +12,7 @@
 
 from openstack.identity import identity_service
 from openstack import resource2 as resource
+from openstack import utils
 
 
 class Domain(resource.Resource):
@@ -43,3 +44,57 @@ class Domain(resource.Resource):
     name = resource.Body('name')
     #: The links related to the domain resource.
     links = resource.Body('links')
+
+    def assign_role_to_user(self, session, user, role):
+        """Assign role to user on domain"""
+        url = utils.urljoin(self.base_path, self.id, 'users',
+                            user.id, 'roles', role.id)
+        resp = session.put(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False
+
+    def validate_user_has_role(self, session, user, role):
+        """Validates that a user has a role on a domain"""
+        url = utils.urljoin(self.base_path, self.id, 'users',
+                            user.id, 'roles', role.id)
+        resp = session.head(url, endpoint_filter=self.service)
+        if resp.status_code == 201:
+            return True
+        return False
+
+    def unassign_role_from_user(self, session, user, role):
+        """Unassigns a role from a user on a domain"""
+        url = utils.urljoin(self.base_path, self.id, 'users',
+                            user.id, 'roles', role.id)
+        resp = session.delete(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False
+
+    def assign_role_to_group(self, session, group, role):
+        """Assign role to group on domain"""
+        url = utils.urljoin(self.base_path, self.id, 'groups',
+                            group.id, 'roles', role.id)
+        resp = session.put(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False
+
+    def validate_group_has_role(self, session, group, role):
+        """Validates that a group has a role on a domain"""
+        url = utils.urljoin(self.base_path, self.id, 'groups',
+                            group.id, 'roles', role.id)
+        resp = session.head(url, endpoint_filter=self.service)
+        if resp.status_code == 201:
+            return True
+        return False
+
+    def unassign_role_from_group(self, session, group, role):
+        """Unassigns a role from a group on a domain"""
+        url = utils.urljoin(self.base_path, self.id, 'groups',
+                            group.id, 'roles', role.id)
+        resp = session.delete(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False

openstack/identity/v3/project.py

@@ -12,6 +12,7 @@
 
 from openstack.identity import identity_service
 from openstack import resource2 as resource
+from openstack import utils
 
 
 class Project(resource.Resource):
@@ -50,3 +51,57 @@ class Project(resource.Resource):
     #: The ID of the parent of the project.
     #: New in version 3.4
     parent_id = resource.Body('parent_id')
+
+    def assign_role_to_user(self, session, user, role):
+        """Assign role to user on project"""
+        url = utils.urljoin(self.base_path, self.id, 'users',
+                            user.id, 'roles', role.id)
+        resp = session.put(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False
+
+    def validate_user_has_role(self, session, user, role):
+        """Validates that a user has a role on a project"""
+        url = utils.urljoin(self.base_path, self.id, 'users',
+                            user.id, 'roles', role.id)
+        resp = session.head(url, endpoint_filter=self.service)
+        if resp.status_code == 201:
+            return True
+        return False
+
+    def unassign_role_from_user(self, session, user, role):
+        """Unassigns a role from a user on a project"""
+        url = utils.urljoin(self.base_path, self.id, 'users',
+                            user.id, 'roles', role.id)
+        resp = session.delete(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False
+
+    def assign_role_to_group(self, session, group, role):
+        """Assign role to group on project"""
+        url = utils.urljoin(self.base_path, self.id, 'groups',
+                            group.id, 'roles', role.id)
+        resp = session.put(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False
+
+    def validate_group_has_role(self, session, group, role):
+        """Validates that a group has a role on a project"""
+        url = utils.urljoin(self.base_path, self.id, 'groups',
+                            group.id, 'roles', role.id)
+        resp = session.head(url, endpoint_filter=self.service)
+        if resp.status_code == 201:
+            return True
+        return False
+
+    def unassign_role_from_group(self, session, group, role):
+        """Unassigns a role from a group on a project"""
+        url = utils.urljoin(self.base_path, self.id, 'groups',
+                            group.id, 'roles', role.id)
+        resp = session.delete(url, endpoint_filter=self.service)
+        if resp.status_code == 204:
+            return True
+        return False

openstack/identity/v3/role.py

@@ -32,11 +32,6 @@ class Role(resource.Resource):
         'name', 'domain_id')
 
     # Properties
-    #: References the domain ID which owns the role; if a domain ID is not
-    #: specified by the client, the Identity service implementation will
-    #: default it to the domain ID to which the client's token is scoped.
-    #: *Type: string*
-    domain_id = resource.Body('domain_id')
     #: Unique role name, within the owning domain. *Type: string*
     name = resource.Body('name')
     #: The links for the service resource.

openstack/identity/v3/role_assignment.py

@@ -0,0 +1,41 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack.identity import identity_service
+from openstack import resource2 as resource
+
+
+class RoleAssignment(resource.Resource):
+    resource_key = 'role_assignment'
+    resources_key = 'role_assignments'
+    base_path = '/role_assignments'
+    service = identity_service.IdentityService()
+
+    # capabilities
+    allow_list = True
+
+    _query_mapping = resource.QueryParameters(
+        'group_id', 'role_id', 'scope_domain_id', 'scope_project_id',
+        'user_id', 'effective', 'include_names', 'include_subtree'
+    )
+
+    # Properties
+    #: The links for the service resource.
+    links = resource.Body('links')
+    #: The role (dictionary contains only id) *Type: dict*
+    role = resource.Body('role', type=dict)
+    #: The scope (either domain or group dictionary contains id) *Type: dict*
+    scope = resource.Body('scope', type=dict)
+    #: The user (dictionary contains only id) *Type: dict*
+    user = resource.Body('user', type=dict)
+    #: The group (dictionary contains only id) *Type: dict*
+    group = resource.Body('group', type=dict)

openstack/identity/v3/role_domain_group_assignment.py

@@ -0,0 +1,34 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack.identity import identity_service
+from openstack import resource2 as resource
+
+
+class RoleDomainGroupAssignment(resource.Resource):
+    resource_key = 'role'
+    resources_key = 'roles'
+    base_path = '/domains/%(domain_id)s/groups/%(group_id)s/roles'
+    service = identity_service.IdentityService()
+
+    # capabilities
+    allow_list = True
+
+    # Properties
+    #: name of the role *Type: string*
+    name = resource.Body('name')
+    #: The links for the service resource.
+    links = resource.Body('links')
+    #: The ID of the domain to list assignment from. *Type: string*
+    domain_id = resource.URI('domain_id')
+    #: The ID of the group to list assignment from. *Type: string*
+    group_id = resource.URI('group_id')

openstack/identity/v3/role_domain_user_assignment.py

@@ -0,0 +1,34 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack.identity import identity_service
+from openstack import resource2 as resource
+
+
+class RoleDomainUserAssignment(resource.Resource):
+    resource_key = 'role'
+    resources_key = 'roles'
+    base_path = '/domains/%(domain_id)s/users/%(user_id)s/roles'
+    service = identity_service.IdentityService()
+
+    # capabilities
+    allow_list = True
+
+    # Properties
+    #: name of the role *Type: string*
+    name = resource.Body('name')
+    #: The links for the service resource.
+    links = resource.Body('links')
+    #: The ID of the domain to list assignment from. *Type: string*
+    domain_id = resource.URI('domain_id')
+    #: The ID of the user to list assignment from. *Type: string*
+    user_id = resource.URI('user_id')

openstack/identity/v3/role_project_group_assignment.py

@@ -0,0 +1,34 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack.identity import identity_service
+from openstack import resource2 as resource
+
+
+class RoleProjectGroupAssignment(resource.Resource):
+    resource_key = 'role'
+    resources_key = 'roles'
+    base_path = '/projects/%(project_id)s/groups/%(group_id)s/roles'
+    service = identity_service.IdentityService()
+
+    # capabilities
+    allow_list = True
+
+    # Properties
+    #: name of the role *Type: string*
+    name = resource.Body('name')
+    #: The links for the service resource.
+    links = resource.Body('links')
+    #: The ID of the project to list assignment from. *Type: string*
+    project_id = resource.URI('project_id')
+    #: The ID of the group to list assignment from. *Type: string*
+    group_id = resource.URI('group_id')

openstack/identity/v3/role_project_user_assignment.py

@@ -0,0 +1,34 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack.identity import identity_service
+from openstack import resource2 as resource
+
+
+class RoleProjectUserAssignment(resource.Resource):
+    resource_key = 'role'
+    resources_key = 'roles'
+    base_path = '/projects/%(project_id)s/users/%(user_id)s/roles'
+    service = identity_service.IdentityService()
+
+    # capabilities
+    allow_list = True
+
+    # Properties
+    #: name of the role *Type: string*
+    name = resource.Body('name')
+    #: The links for the service resource.
+    links = resource.Body('links')
+    #: The ID of the project to list assignment from. *Type: string*
+    project_id = resource.URI('project_id')
+    #: The ID of the user to list assignment from. *Type: string*
+    user_id = resource.URI('user_id')

openstack/tests/unit/identity/v3/test_role.py

@@ -16,7 +16,6 @@ from openstack.identity.v3 import role
 
 IDENTIFIER = 'IDENTIFIER'
 EXAMPLE = {
-    'domain_id': '1',
     'id': IDENTIFIER,
     'links': {'self': 'http://example.com/user1'},
     'name': '2',
@@ -40,7 +39,6 @@ class TestRole(testtools.TestCase):
 
     def test_make_it(self):
         sot = role.Role(**EXAMPLE)
-        self.assertEqual(EXAMPLE['domain_id'], sot.domain_id)
         self.assertEqual(EXAMPLE['id'], sot.id)
         self.assertEqual(EXAMPLE['links'], sot.links)
         self.assertEqual(EXAMPLE['name'], sot.name)

openstack/tests/unit/identity/v3/test_role_assignment.py

@@ -0,0 +1,44 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import testtools
+
+from openstack.identity.v3 import role_assignment
+
+IDENTIFIER = 'IDENTIFIER'
+EXAMPLE = {
+    'id': IDENTIFIER,
+    'links': {'self': 'http://example.com/user1'},
+    'scope': {'domain': {'id': '2'}},
+    'user': {'id': '3'},
+    'group': {'id': '4'}
+}
+
+
+class TestRoleAssignment(testtools.TestCase):
+
+    def test_basic(self):
+        sot = role_assignment.RoleAssignment()
+        self.assertEqual('role_assignment', sot.resource_key)
+        self.assertEqual('role_assignments', sot.resources_key)
+        self.assertEqual('/role_assignments',
+                         sot.base_path)
+        self.assertEqual('identity', sot.service.service_type)
+        self.assertTrue(sot.allow_list)
+
+    def test_make_it(self):
+        sot = role_assignment.RoleAssignment(**EXAMPLE)
+        self.assertEqual(EXAMPLE['id'], sot.id)
+        self.assertEqual(EXAMPLE['links'], sot.links)
+        self.assertEqual(EXAMPLE['scope'], sot.scope)
+        self.assertEqual(EXAMPLE['user'], sot.user)
+        self.assertEqual(EXAMPLE['group'], sot.group)

openstack/tests/unit/identity/v3/test_role_domain_group_assignment.py

@@ -0,0 +1,45 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import testtools
+
+from openstack.identity.v3 import role_domain_group_assignment
+
+IDENTIFIER = 'IDENTIFIER'
+EXAMPLE = {
+    'id': IDENTIFIER,
+    'links': {'self': 'http://example.com/user1'},
+    'name': '2',
+    'domain_id': '3',
+    'group_id': '4'
+}
+
+
+class TestRoleDomainGroupAssignment(testtools.TestCase):
+
+    def test_basic(self):
+        sot = role_domain_group_assignment.RoleDomainGroupAssignment()
+        self.assertEqual('role', sot.resource_key)
+        self.assertEqual('roles', sot.resources_key)
+        self.assertEqual('/domains/%(domain_id)s/groups/%(group_id)s/roles',
+                         sot.base_path)
+        self.assertEqual('identity', sot.service.service_type)
+        self.assertTrue(sot.allow_list)
+
+    def test_make_it(self):
+        sot = \
+            role_domain_group_assignment.RoleDomainGroupAssignment(**EXAMPLE)
+        self.assertEqual(EXAMPLE['id'], sot.id)
+        self.assertEqual(EXAMPLE['links'], sot.links)
+        self.assertEqual(EXAMPLE['name'], sot.name)
+        self.assertEqual(EXAMPLE['domain_id'], sot.domain_id)
+        self.assertEqual(EXAMPLE['group_id'], sot.group_id)

openstack/tests/unit/identity/v3/test_role_domain_user_assignment.py

@@ -0,0 +1,45 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import testtools
+
+from openstack.identity.v3 import role_domain_user_assignment
+
+IDENTIFIER = 'IDENTIFIER'
+EXAMPLE = {
+    'id': IDENTIFIER,
+    'links': {'self': 'http://example.com/user1'},
+    'name': '2',
+    'domain_id': '3',
+    'user_id': '4'
+}
+
+
+class TestRoleDomainUserAssignment(testtools.TestCase):
+
+    def test_basic(self):
+        sot = role_domain_user_assignment.RoleDomainUserAssignment()
+        self.assertEqual('role', sot.resource_key)
+        self.assertEqual('roles', sot.resources_key)
+        self.assertEqual('/domains/%(domain_id)s/users/%(user_id)s/roles',
+                         sot.base_path)
+        self.assertEqual('identity', sot.service.service_type)
+        self.assertTrue(sot.allow_list)
+
+    def test_make_it(self):
+        sot = \
+            role_domain_user_assignment.RoleDomainUserAssignment(**EXAMPLE)
+        self.assertEqual(EXAMPLE['id'], sot.id)
+        self.assertEqual(EXAMPLE['links'], sot.links)
+        self.assertEqual(EXAMPLE['name'], sot.name)
+        self.assertEqual(EXAMPLE['domain_id'], sot.domain_id)
+        self.assertEqual(EXAMPLE['user_id'], sot.user_id)

openstack/tests/unit/identity/v3/test_role_project_group_assignment.py

@@ -0,0 +1,45 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import testtools
+
+from openstack.identity.v3 import role_project_group_assignment
+
+IDENTIFIER = 'IDENTIFIER'
+EXAMPLE = {
+    'id': IDENTIFIER,
+    'links': {'self': 'http://example.com/user1'},
+    'name': '2',
+    'project_id': '3',
+    'group_id': '4'
+}
+
+
+class TestRoleProjectGroupAssignment(testtools.TestCase):
+
+    def test_basic(self):
+        sot = role_project_group_assignment.RoleProjectGroupAssignment()
+        self.assertEqual('role', sot.resource_key)
+        self.assertEqual('roles', sot.resources_key)
+        self.assertEqual('/projects/%(project_id)s/groups/%(group_id)s/roles',
+                         sot.base_path)
+        self.assertEqual('identity', sot.service.service_type)
+        self.assertTrue(sot.allow_list)
+
+    def test_make_it(self):
+        sot = \
+            role_project_group_assignment.RoleProjectGroupAssignment(**EXAMPLE)
+        self.assertEqual(EXAMPLE['id'], sot.id)
+        self.assertEqual(EXAMPLE['links'], sot.links)
+        self.assertEqual(EXAMPLE['name'], sot.name)
+        self.assertEqual(EXAMPLE['project_id'], sot.project_id)
+        self.assertEqual(EXAMPLE['group_id'], sot.group_id)

openstack/tests/unit/identity/v3/test_role_project_user_assignment.py

@@ -0,0 +1,45 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import testtools
+
+from openstack.identity.v3 import role_project_user_assignment
+
+IDENTIFIER = 'IDENTIFIER'
+EXAMPLE = {
+    'id': IDENTIFIER,
+    'links': {'self': 'http://example.com/user1'},
+    'name': '2',
+    'project_id': '3',
+    'user_id': '4'
+}
+
+
+class TestRoleProjectUserAssignment(testtools.TestCase):
+
+    def test_basic(self):
+        sot = role_project_user_assignment.RoleProjectUserAssignment()
+        self.assertEqual('role', sot.resource_key)
+        self.assertEqual('roles', sot.resources_key)
+        self.assertEqual('/projects/%(project_id)s/users/%(user_id)s/roles',
+                         sot.base_path)
+        self.assertEqual('identity', sot.service.service_type)
+        self.assertTrue(sot.allow_list)
+
+    def test_make_it(self):
+        sot = \
+            role_project_user_assignment.RoleProjectUserAssignment(**EXAMPLE)
+        self.assertEqual(EXAMPLE['id'], sot.id)
+        self.assertEqual(EXAMPLE['links'], sot.links)
+        self.assertEqual(EXAMPLE['name'], sot.name)
+        self.assertEqual(EXAMPLE['project_id'], sot.project_id)
+        self.assertEqual(EXAMPLE['user_id'], sot.user_id)