From d8f62dc0e9a07a5c6ad42a50962c2c4869833821 Mon Sep 17 00:00:00 2001 From: Yuval Shalev Date: Wed, 4 Jan 2017 17:54:43 +0200 Subject: [PATCH] Added project role assignment Change-Id: I4eb3d430365f3b22c1a77faea71f710fb565082f --- examples/identity/list.py | 28 +++++++ openstack/identity/v3/_proxy.py | 82 +++++++++++++++++++ openstack/identity/v3/domain.py | 55 +++++++++++++ openstack/identity/v3/project.py | 55 +++++++++++++ openstack/identity/v3/role.py | 5 -- openstack/identity/v3/role_assignment.py | 41 ++++++++++ .../v3/role_domain_group_assignment.py | 34 ++++++++ .../v3/role_domain_user_assignment.py | 34 ++++++++ .../v3/role_project_group_assignment.py | 34 ++++++++ .../v3/role_project_user_assignment.py | 34 ++++++++ openstack/tests/unit/identity/v3/test_role.py | 2 - .../unit/identity/v3/test_role_assignment.py | 44 ++++++++++ .../v3/test_role_domain_group_assignment.py | 45 ++++++++++ .../v3/test_role_domain_user_assignment.py | 45 ++++++++++ .../v3/test_role_project_group_assignment.py | 45 ++++++++++ .../v3/test_role_project_user_assignment.py | 45 ++++++++++ 16 files changed, 621 insertions(+), 7 deletions(-) create mode 100644 openstack/identity/v3/role_assignment.py create mode 100644 openstack/identity/v3/role_domain_group_assignment.py create mode 100644 openstack/identity/v3/role_domain_user_assignment.py create mode 100644 openstack/identity/v3/role_project_group_assignment.py create mode 100644 openstack/identity/v3/role_project_user_assignment.py create mode 100644 openstack/tests/unit/identity/v3/test_role_assignment.py create mode 100644 openstack/tests/unit/identity/v3/test_role_domain_group_assignment.py create mode 100644 openstack/tests/unit/identity/v3/test_role_domain_user_assignment.py create mode 100644 openstack/tests/unit/identity/v3/test_role_project_group_assignment.py create mode 100644 openstack/tests/unit/identity/v3/test_role_project_user_assignment.py diff --git a/examples/identity/list.py b/examples/identity/list.py index e7662b043..fff73a50f 100644 --- a/examples/identity/list.py +++ b/examples/identity/list.py @@ -78,3 +78,31 @@ def list_roles(conn): for role in conn.identity.roles(): print(role) + + +def list_role_domain_group_assignments(conn): + print("List Roles assignments for a group on domain:") + + for role in conn.identity.role_domain_group_assignments(): + print(role) + + +def list_role_domain_user_assignments(conn): + print("List Roles assignments for a user on domain:") + + for role in conn.identity.role_project_user_assignments(): + print(role) + + +def list_role_project_group_assignments(conn): + print("List Roles assignments for a group on project:") + + for role in conn.identity.role_project_group_assignments(): + print(role) + + +def list_role_project_user_assignments(conn): + print("List Roles assignments for a user on project:") + + for role in conn.identity.role_project_user_assignments(): + print(role) diff --git a/openstack/identity/v3/_proxy.py b/openstack/identity/v3/_proxy.py index 5b7bd3cb3..81e295ee1 100644 --- a/openstack/identity/v3/_proxy.py +++ b/openstack/identity/v3/_proxy.py @@ -10,6 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. +import openstack.exceptions as exception from openstack.identity.v3 import credential as _credential from openstack.identity.v3 import domain as _domain from openstack.identity.v3 import endpoint as _endpoint @@ -18,6 +19,15 @@ from openstack.identity.v3 import policy as _policy from openstack.identity.v3 import project as _project from openstack.identity.v3 import region as _region from openstack.identity.v3 import role as _role +from openstack.identity.v3 import role_assignment as _role_assignment +from openstack.identity.v3 import role_domain_group_assignment \ + as _role_domain_group_assignment +from openstack.identity.v3 import role_domain_user_assignment \ + as _role_domain_user_assignment +from openstack.identity.v3 import role_project_group_assignment \ + as _role_project_group_assignment +from openstack.identity.v3 import role_project_user_assignment \ + as _role_project_user_assignment from openstack.identity.v3 import service as _service from openstack.identity.v3 import trust as _trust from openstack.identity.v3 import user as _user @@ -875,3 +885,75 @@ class Proxy(proxy.BaseProxy): :rtype: :class:`~openstack.identity.v3.role.Role` """ return self._update(_role.Role, role, **attrs) + + def role_assignments_filter(self, domain=None, project=None, group=None, + user=None): + """Retrieve a generator of roles assigned to user/group + + :param domain: Either the ID of a domain or a + :class:`~openstack.identity.v3.domain.Domain` instance. + :param project: Either the ID of a project or a + :class:`~openstack.identity.v3.project.Project` + instance. + :param group: Either the ID of a group or a + :class:`~openstack.identity.v3.group.Group` instance. + :param user: Either the ID of a user or a + :class:`~openstack.identity.v3.user.User` instance. + :return: A generator of role instances. + :rtype: :class:`~openstack.identity.v3.role.Role` + """ + if domain and project: + raise exception.InvalidRequest( + 'Only one of domain or project can be specified') + + if domain is None and project is None: + raise exception.InvalidRequest( + 'Either domain or project should be specified') + + if group and user: + raise exception.InvalidRequest( + 'Only one of group or user can be specified') + + if group is None and user is None: + raise exception.InvalidRequest( + 'Either group or user should be specified') + + if domain: + domain = self._get_resource(_domain.Domain, domain) + if group: + group = self._get_resource(_group.Group, group) + return self._list( + _role_domain_group_assignment.RoleDomainGroupAssignment, + paginated=False, domain_id=domain.id, group_id=group.id) + else: + user = self._get_resource(_user.User, user) + return self._list( + _role_domain_user_assignment.RoleDomainUserAssignment, + paginated=False, domain_id=domain.id, user_id=user.id) + else: + project = self._get_resource(_project.Project, project) + if group: + group = self._get_resource(_group.Group, group) + return self._list( + _role_project_group_assignment.RoleProjectGroupAssignment, + paginated=False, project_id=project.id, group_id=group.id) + else: + user = self._get_resource(_user.User, user) + return self._list( + _role_project_user_assignment.RoleProjectUserAssignment, + paginated=False, project_id=project.id, user_id=user.id) + + def role_assignments(self, **query): + """Retrieve a generator of role_assignment + + :class:`~openstack.identity.v3.user.User` instance. + :param kwargs \*\*query: Optional query parameters to be sent to limit + the resources being returned. The options + are: group_id, role_id, scope_domain_id, + scope_project_id, user_id, include_names, + include_subtree. + :return: + :class:`~openstack.identity.v3.role_assignment.RoleAssignment` + """ + return self._list(_role_assignment.RoleAssignment, + paginated=False, **query) diff --git a/openstack/identity/v3/domain.py b/openstack/identity/v3/domain.py index b7f330ad9..42e57649d 100644 --- a/openstack/identity/v3/domain.py +++ b/openstack/identity/v3/domain.py @@ -12,6 +12,7 @@ from openstack.identity import identity_service from openstack import resource2 as resource +from openstack import utils class Domain(resource.Resource): @@ -43,3 +44,57 @@ class Domain(resource.Resource): name = resource.Body('name') #: The links related to the domain resource. links = resource.Body('links') + + def assign_role_to_user(self, session, user, role): + """Assign role to user on domain""" + url = utils.urljoin(self.base_path, self.id, 'users', + user.id, 'roles', role.id) + resp = session.put(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False + + def validate_user_has_role(self, session, user, role): + """Validates that a user has a role on a domain""" + url = utils.urljoin(self.base_path, self.id, 'users', + user.id, 'roles', role.id) + resp = session.head(url, endpoint_filter=self.service) + if resp.status_code == 201: + return True + return False + + def unassign_role_from_user(self, session, user, role): + """Unassigns a role from a user on a domain""" + url = utils.urljoin(self.base_path, self.id, 'users', + user.id, 'roles', role.id) + resp = session.delete(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False + + def assign_role_to_group(self, session, group, role): + """Assign role to group on domain""" + url = utils.urljoin(self.base_path, self.id, 'groups', + group.id, 'roles', role.id) + resp = session.put(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False + + def validate_group_has_role(self, session, group, role): + """Validates that a group has a role on a domain""" + url = utils.urljoin(self.base_path, self.id, 'groups', + group.id, 'roles', role.id) + resp = session.head(url, endpoint_filter=self.service) + if resp.status_code == 201: + return True + return False + + def unassign_role_from_group(self, session, group, role): + """Unassigns a role from a group on a domain""" + url = utils.urljoin(self.base_path, self.id, 'groups', + group.id, 'roles', role.id) + resp = session.delete(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False diff --git a/openstack/identity/v3/project.py b/openstack/identity/v3/project.py index 439962a32..3a1ab714c 100644 --- a/openstack/identity/v3/project.py +++ b/openstack/identity/v3/project.py @@ -12,6 +12,7 @@ from openstack.identity import identity_service from openstack import resource2 as resource +from openstack import utils class Project(resource.Resource): @@ -50,3 +51,57 @@ class Project(resource.Resource): #: The ID of the parent of the project. #: New in version 3.4 parent_id = resource.Body('parent_id') + + def assign_role_to_user(self, session, user, role): + """Assign role to user on project""" + url = utils.urljoin(self.base_path, self.id, 'users', + user.id, 'roles', role.id) + resp = session.put(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False + + def validate_user_has_role(self, session, user, role): + """Validates that a user has a role on a project""" + url = utils.urljoin(self.base_path, self.id, 'users', + user.id, 'roles', role.id) + resp = session.head(url, endpoint_filter=self.service) + if resp.status_code == 201: + return True + return False + + def unassign_role_from_user(self, session, user, role): + """Unassigns a role from a user on a project""" + url = utils.urljoin(self.base_path, self.id, 'users', + user.id, 'roles', role.id) + resp = session.delete(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False + + def assign_role_to_group(self, session, group, role): + """Assign role to group on project""" + url = utils.urljoin(self.base_path, self.id, 'groups', + group.id, 'roles', role.id) + resp = session.put(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False + + def validate_group_has_role(self, session, group, role): + """Validates that a group has a role on a project""" + url = utils.urljoin(self.base_path, self.id, 'groups', + group.id, 'roles', role.id) + resp = session.head(url, endpoint_filter=self.service) + if resp.status_code == 201: + return True + return False + + def unassign_role_from_group(self, session, group, role): + """Unassigns a role from a group on a project""" + url = utils.urljoin(self.base_path, self.id, 'groups', + group.id, 'roles', role.id) + resp = session.delete(url, endpoint_filter=self.service) + if resp.status_code == 204: + return True + return False diff --git a/openstack/identity/v3/role.py b/openstack/identity/v3/role.py index 7c7d6b1a2..bd946d3d2 100644 --- a/openstack/identity/v3/role.py +++ b/openstack/identity/v3/role.py @@ -32,11 +32,6 @@ class Role(resource.Resource): 'name', 'domain_id') # Properties - #: References the domain ID which owns the role; if a domain ID is not - #: specified by the client, the Identity service implementation will - #: default it to the domain ID to which the client's token is scoped. - #: *Type: string* - domain_id = resource.Body('domain_id') #: Unique role name, within the owning domain. *Type: string* name = resource.Body('name') #: The links for the service resource. diff --git a/openstack/identity/v3/role_assignment.py b/openstack/identity/v3/role_assignment.py new file mode 100644 index 000000000..459c275b7 --- /dev/null +++ b/openstack/identity/v3/role_assignment.py @@ -0,0 +1,41 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack.identity import identity_service +from openstack import resource2 as resource + + +class RoleAssignment(resource.Resource): + resource_key = 'role_assignment' + resources_key = 'role_assignments' + base_path = '/role_assignments' + service = identity_service.IdentityService() + + # capabilities + allow_list = True + + _query_mapping = resource.QueryParameters( + 'group_id', 'role_id', 'scope_domain_id', 'scope_project_id', + 'user_id', 'effective', 'include_names', 'include_subtree' + ) + + # Properties + #: The links for the service resource. + links = resource.Body('links') + #: The role (dictionary contains only id) *Type: dict* + role = resource.Body('role', type=dict) + #: The scope (either domain or group dictionary contains id) *Type: dict* + scope = resource.Body('scope', type=dict) + #: The user (dictionary contains only id) *Type: dict* + user = resource.Body('user', type=dict) + #: The group (dictionary contains only id) *Type: dict* + group = resource.Body('group', type=dict) diff --git a/openstack/identity/v3/role_domain_group_assignment.py b/openstack/identity/v3/role_domain_group_assignment.py new file mode 100644 index 000000000..d7fadc3cc --- /dev/null +++ b/openstack/identity/v3/role_domain_group_assignment.py @@ -0,0 +1,34 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack.identity import identity_service +from openstack import resource2 as resource + + +class RoleDomainGroupAssignment(resource.Resource): + resource_key = 'role' + resources_key = 'roles' + base_path = '/domains/%(domain_id)s/groups/%(group_id)s/roles' + service = identity_service.IdentityService() + + # capabilities + allow_list = True + + # Properties + #: name of the role *Type: string* + name = resource.Body('name') + #: The links for the service resource. + links = resource.Body('links') + #: The ID of the domain to list assignment from. *Type: string* + domain_id = resource.URI('domain_id') + #: The ID of the group to list assignment from. *Type: string* + group_id = resource.URI('group_id') diff --git a/openstack/identity/v3/role_domain_user_assignment.py b/openstack/identity/v3/role_domain_user_assignment.py new file mode 100644 index 000000000..b4db0f522 --- /dev/null +++ b/openstack/identity/v3/role_domain_user_assignment.py @@ -0,0 +1,34 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack.identity import identity_service +from openstack import resource2 as resource + + +class RoleDomainUserAssignment(resource.Resource): + resource_key = 'role' + resources_key = 'roles' + base_path = '/domains/%(domain_id)s/users/%(user_id)s/roles' + service = identity_service.IdentityService() + + # capabilities + allow_list = True + + # Properties + #: name of the role *Type: string* + name = resource.Body('name') + #: The links for the service resource. + links = resource.Body('links') + #: The ID of the domain to list assignment from. *Type: string* + domain_id = resource.URI('domain_id') + #: The ID of the user to list assignment from. *Type: string* + user_id = resource.URI('user_id') diff --git a/openstack/identity/v3/role_project_group_assignment.py b/openstack/identity/v3/role_project_group_assignment.py new file mode 100644 index 000000000..225410b5d --- /dev/null +++ b/openstack/identity/v3/role_project_group_assignment.py @@ -0,0 +1,34 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack.identity import identity_service +from openstack import resource2 as resource + + +class RoleProjectGroupAssignment(resource.Resource): + resource_key = 'role' + resources_key = 'roles' + base_path = '/projects/%(project_id)s/groups/%(group_id)s/roles' + service = identity_service.IdentityService() + + # capabilities + allow_list = True + + # Properties + #: name of the role *Type: string* + name = resource.Body('name') + #: The links for the service resource. + links = resource.Body('links') + #: The ID of the project to list assignment from. *Type: string* + project_id = resource.URI('project_id') + #: The ID of the group to list assignment from. *Type: string* + group_id = resource.URI('group_id') diff --git a/openstack/identity/v3/role_project_user_assignment.py b/openstack/identity/v3/role_project_user_assignment.py new file mode 100644 index 000000000..b1989794a --- /dev/null +++ b/openstack/identity/v3/role_project_user_assignment.py @@ -0,0 +1,34 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack.identity import identity_service +from openstack import resource2 as resource + + +class RoleProjectUserAssignment(resource.Resource): + resource_key = 'role' + resources_key = 'roles' + base_path = '/projects/%(project_id)s/users/%(user_id)s/roles' + service = identity_service.IdentityService() + + # capabilities + allow_list = True + + # Properties + #: name of the role *Type: string* + name = resource.Body('name') + #: The links for the service resource. + links = resource.Body('links') + #: The ID of the project to list assignment from. *Type: string* + project_id = resource.URI('project_id') + #: The ID of the user to list assignment from. *Type: string* + user_id = resource.URI('user_id') diff --git a/openstack/tests/unit/identity/v3/test_role.py b/openstack/tests/unit/identity/v3/test_role.py index ef1663ffb..e338657a0 100644 --- a/openstack/tests/unit/identity/v3/test_role.py +++ b/openstack/tests/unit/identity/v3/test_role.py @@ -16,7 +16,6 @@ from openstack.identity.v3 import role IDENTIFIER = 'IDENTIFIER' EXAMPLE = { - 'domain_id': '1', 'id': IDENTIFIER, 'links': {'self': 'http://example.com/user1'}, 'name': '2', @@ -40,7 +39,6 @@ class TestRole(testtools.TestCase): def test_make_it(self): sot = role.Role(**EXAMPLE) - self.assertEqual(EXAMPLE['domain_id'], sot.domain_id) self.assertEqual(EXAMPLE['id'], sot.id) self.assertEqual(EXAMPLE['links'], sot.links) self.assertEqual(EXAMPLE['name'], sot.name) diff --git a/openstack/tests/unit/identity/v3/test_role_assignment.py b/openstack/tests/unit/identity/v3/test_role_assignment.py new file mode 100644 index 000000000..a0a1e5050 --- /dev/null +++ b/openstack/tests/unit/identity/v3/test_role_assignment.py @@ -0,0 +1,44 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import testtools + +from openstack.identity.v3 import role_assignment + +IDENTIFIER = 'IDENTIFIER' +EXAMPLE = { + 'id': IDENTIFIER, + 'links': {'self': 'http://example.com/user1'}, + 'scope': {'domain': {'id': '2'}}, + 'user': {'id': '3'}, + 'group': {'id': '4'} +} + + +class TestRoleAssignment(testtools.TestCase): + + def test_basic(self): + sot = role_assignment.RoleAssignment() + self.assertEqual('role_assignment', sot.resource_key) + self.assertEqual('role_assignments', sot.resources_key) + self.assertEqual('/role_assignments', + sot.base_path) + self.assertEqual('identity', sot.service.service_type) + self.assertTrue(sot.allow_list) + + def test_make_it(self): + sot = role_assignment.RoleAssignment(**EXAMPLE) + self.assertEqual(EXAMPLE['id'], sot.id) + self.assertEqual(EXAMPLE['links'], sot.links) + self.assertEqual(EXAMPLE['scope'], sot.scope) + self.assertEqual(EXAMPLE['user'], sot.user) + self.assertEqual(EXAMPLE['group'], sot.group) diff --git a/openstack/tests/unit/identity/v3/test_role_domain_group_assignment.py b/openstack/tests/unit/identity/v3/test_role_domain_group_assignment.py new file mode 100644 index 000000000..5e0777d20 --- /dev/null +++ b/openstack/tests/unit/identity/v3/test_role_domain_group_assignment.py @@ -0,0 +1,45 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import testtools + +from openstack.identity.v3 import role_domain_group_assignment + +IDENTIFIER = 'IDENTIFIER' +EXAMPLE = { + 'id': IDENTIFIER, + 'links': {'self': 'http://example.com/user1'}, + 'name': '2', + 'domain_id': '3', + 'group_id': '4' +} + + +class TestRoleDomainGroupAssignment(testtools.TestCase): + + def test_basic(self): + sot = role_domain_group_assignment.RoleDomainGroupAssignment() + self.assertEqual('role', sot.resource_key) + self.assertEqual('roles', sot.resources_key) + self.assertEqual('/domains/%(domain_id)s/groups/%(group_id)s/roles', + sot.base_path) + self.assertEqual('identity', sot.service.service_type) + self.assertTrue(sot.allow_list) + + def test_make_it(self): + sot = \ + role_domain_group_assignment.RoleDomainGroupAssignment(**EXAMPLE) + self.assertEqual(EXAMPLE['id'], sot.id) + self.assertEqual(EXAMPLE['links'], sot.links) + self.assertEqual(EXAMPLE['name'], sot.name) + self.assertEqual(EXAMPLE['domain_id'], sot.domain_id) + self.assertEqual(EXAMPLE['group_id'], sot.group_id) diff --git a/openstack/tests/unit/identity/v3/test_role_domain_user_assignment.py b/openstack/tests/unit/identity/v3/test_role_domain_user_assignment.py new file mode 100644 index 000000000..cc7de8bd7 --- /dev/null +++ b/openstack/tests/unit/identity/v3/test_role_domain_user_assignment.py @@ -0,0 +1,45 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import testtools + +from openstack.identity.v3 import role_domain_user_assignment + +IDENTIFIER = 'IDENTIFIER' +EXAMPLE = { + 'id': IDENTIFIER, + 'links': {'self': 'http://example.com/user1'}, + 'name': '2', + 'domain_id': '3', + 'user_id': '4' +} + + +class TestRoleDomainUserAssignment(testtools.TestCase): + + def test_basic(self): + sot = role_domain_user_assignment.RoleDomainUserAssignment() + self.assertEqual('role', sot.resource_key) + self.assertEqual('roles', sot.resources_key) + self.assertEqual('/domains/%(domain_id)s/users/%(user_id)s/roles', + sot.base_path) + self.assertEqual('identity', sot.service.service_type) + self.assertTrue(sot.allow_list) + + def test_make_it(self): + sot = \ + role_domain_user_assignment.RoleDomainUserAssignment(**EXAMPLE) + self.assertEqual(EXAMPLE['id'], sot.id) + self.assertEqual(EXAMPLE['links'], sot.links) + self.assertEqual(EXAMPLE['name'], sot.name) + self.assertEqual(EXAMPLE['domain_id'], sot.domain_id) + self.assertEqual(EXAMPLE['user_id'], sot.user_id) diff --git a/openstack/tests/unit/identity/v3/test_role_project_group_assignment.py b/openstack/tests/unit/identity/v3/test_role_project_group_assignment.py new file mode 100644 index 000000000..81c96e7db --- /dev/null +++ b/openstack/tests/unit/identity/v3/test_role_project_group_assignment.py @@ -0,0 +1,45 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import testtools + +from openstack.identity.v3 import role_project_group_assignment + +IDENTIFIER = 'IDENTIFIER' +EXAMPLE = { + 'id': IDENTIFIER, + 'links': {'self': 'http://example.com/user1'}, + 'name': '2', + 'project_id': '3', + 'group_id': '4' +} + + +class TestRoleProjectGroupAssignment(testtools.TestCase): + + def test_basic(self): + sot = role_project_group_assignment.RoleProjectGroupAssignment() + self.assertEqual('role', sot.resource_key) + self.assertEqual('roles', sot.resources_key) + self.assertEqual('/projects/%(project_id)s/groups/%(group_id)s/roles', + sot.base_path) + self.assertEqual('identity', sot.service.service_type) + self.assertTrue(sot.allow_list) + + def test_make_it(self): + sot = \ + role_project_group_assignment.RoleProjectGroupAssignment(**EXAMPLE) + self.assertEqual(EXAMPLE['id'], sot.id) + self.assertEqual(EXAMPLE['links'], sot.links) + self.assertEqual(EXAMPLE['name'], sot.name) + self.assertEqual(EXAMPLE['project_id'], sot.project_id) + self.assertEqual(EXAMPLE['group_id'], sot.group_id) diff --git a/openstack/tests/unit/identity/v3/test_role_project_user_assignment.py b/openstack/tests/unit/identity/v3/test_role_project_user_assignment.py new file mode 100644 index 000000000..5314c0bc5 --- /dev/null +++ b/openstack/tests/unit/identity/v3/test_role_project_user_assignment.py @@ -0,0 +1,45 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import testtools + +from openstack.identity.v3 import role_project_user_assignment + +IDENTIFIER = 'IDENTIFIER' +EXAMPLE = { + 'id': IDENTIFIER, + 'links': {'self': 'http://example.com/user1'}, + 'name': '2', + 'project_id': '3', + 'user_id': '4' +} + + +class TestRoleProjectUserAssignment(testtools.TestCase): + + def test_basic(self): + sot = role_project_user_assignment.RoleProjectUserAssignment() + self.assertEqual('role', sot.resource_key) + self.assertEqual('roles', sot.resources_key) + self.assertEqual('/projects/%(project_id)s/users/%(user_id)s/roles', + sot.base_path) + self.assertEqual('identity', sot.service.service_type) + self.assertTrue(sot.allow_list) + + def test_make_it(self): + sot = \ + role_project_user_assignment.RoleProjectUserAssignment(**EXAMPLE) + self.assertEqual(EXAMPLE['id'], sot.id) + self.assertEqual(EXAMPLE['links'], sot.links) + self.assertEqual(EXAMPLE['name'], sot.name) + self.assertEqual(EXAMPLE['project_id'], sot.project_id) + self.assertEqual(EXAMPLE['user_id'], sot.user_id)