github.com/gophercloud/gophercloud@v1.11.0/internal/acceptance/openstack/identity/v3/roles_test.go (about) 1 //go:build acceptance 2 // +build acceptance 3 4 package v3 5 6 import ( 7 "testing" 8 9 "github.com/gophercloud/gophercloud" 10 "github.com/gophercloud/gophercloud/internal/acceptance/clients" 11 "github.com/gophercloud/gophercloud/internal/acceptance/tools" 12 "github.com/gophercloud/gophercloud/openstack/identity/v3/domains" 13 "github.com/gophercloud/gophercloud/openstack/identity/v3/groups" 14 "github.com/gophercloud/gophercloud/openstack/identity/v3/roles" 15 th "github.com/gophercloud/gophercloud/testhelper" 16 ) 17 18 func TestRolesList(t *testing.T) { 19 clients.RequireAdmin(t) 20 21 client, err := clients.NewIdentityV3Client() 22 th.AssertNoErr(t, err) 23 24 listOpts := roles.ListOpts{ 25 DomainID: "default", 26 } 27 28 allPages, err := roles.List(client, listOpts).AllPages() 29 th.AssertNoErr(t, err) 30 31 allRoles, err := roles.ExtractRoles(allPages) 32 th.AssertNoErr(t, err) 33 34 for _, role := range allRoles { 35 tools.PrintResource(t, role) 36 } 37 } 38 39 func TestRolesGet(t *testing.T) { 40 clients.RequireAdmin(t) 41 42 client, err := clients.NewIdentityV3Client() 43 th.AssertNoErr(t, err) 44 45 role, err := FindRole(t, client) 46 th.AssertNoErr(t, err) 47 48 p, err := roles.Get(client, role.ID).Extract() 49 th.AssertNoErr(t, err) 50 51 tools.PrintResource(t, p) 52 } 53 54 func TestRolesCRUD(t *testing.T) { 55 clients.RequireAdmin(t) 56 57 client, err := clients.NewIdentityV3Client() 58 th.AssertNoErr(t, err) 59 60 createOpts := roles.CreateOpts{ 61 Name: "testrole", 62 Extra: map[string]interface{}{ 63 "description": "test role description", 64 }, 65 } 66 67 // Create Role in the default domain 68 role, err := CreateRole(t, client, &createOpts) 69 th.AssertNoErr(t, err) 70 defer DeleteRole(t, client, role.ID) 71 72 tools.PrintResource(t, role) 73 tools.PrintResource(t, role.Extra) 74 75 listOpts := roles.ListOpts{} 76 allPages, err := roles.List(client, listOpts).AllPages() 77 th.AssertNoErr(t, err) 78 79 allRoles, err := roles.ExtractRoles(allPages) 80 th.AssertNoErr(t, err) 81 82 var found bool 83 for _, r := range allRoles { 84 tools.PrintResource(t, r) 85 tools.PrintResource(t, r.Extra) 86 87 if r.Name == role.Name { 88 found = true 89 } 90 } 91 92 th.AssertEquals(t, found, true) 93 94 updateOpts := roles.UpdateOpts{ 95 Extra: map[string]interface{}{ 96 "description": "updated test role description", 97 }, 98 } 99 100 newRole, err := roles.Update(client, role.ID, updateOpts).Extract() 101 th.AssertNoErr(t, err) 102 103 tools.PrintResource(t, newRole) 104 tools.PrintResource(t, newRole.Extra) 105 106 th.AssertEquals(t, newRole.Extra["description"], "updated test role description") 107 } 108 109 func TestRolesFilterList(t *testing.T) { 110 clients.RequireAdmin(t) 111 112 client, err := clients.NewIdentityV3Client() 113 th.AssertNoErr(t, err) 114 115 createOpts := roles.CreateOpts{ 116 Name: "testrole", 117 Extra: map[string]interface{}{ 118 "description": "test role description", 119 }, 120 } 121 122 // Create Role in the default domain 123 role, err := CreateRole(t, client, &createOpts) 124 th.AssertNoErr(t, err) 125 defer DeleteRole(t, client, role.ID) 126 127 var listOpts roles.ListOpts 128 listOpts.Filters = map[string]string{ 129 "name__contains": "test", 130 } 131 132 allPages, err := roles.List(client, listOpts).AllPages() 133 th.AssertNoErr(t, err) 134 135 allRoles, err := roles.ExtractRoles(allPages) 136 th.AssertNoErr(t, err) 137 138 found := false 139 for _, r := range allRoles { 140 tools.PrintResource(t, r) 141 tools.PrintResource(t, r.Extra) 142 143 if r.Name == role.Name { 144 found = true 145 } 146 } 147 148 th.AssertEquals(t, found, true) 149 150 listOpts.Filters = map[string]string{ 151 "name__contains": "reader", 152 } 153 154 allPages, err = roles.List(client, listOpts).AllPages() 155 th.AssertNoErr(t, err) 156 157 allRoles, err = roles.ExtractRoles(allPages) 158 th.AssertNoErr(t, err) 159 160 found = false 161 for _, r := range allRoles { 162 tools.PrintResource(t, r) 163 tools.PrintResource(t, r.Extra) 164 165 if r.Name == role.Name { 166 found = true 167 } 168 } 169 170 th.AssertEquals(t, found, false) 171 } 172 173 func TestRoleListAssignmentIncludeNamesAndSubtree(t *testing.T) { 174 clients.RequireAdmin(t) 175 176 client, err := clients.NewIdentityV3Client() 177 th.AssertNoErr(t, err) 178 179 project, err := CreateProject(t, client, nil) 180 th.AssertNoErr(t, err) 181 defer DeleteProject(t, client, project.ID) 182 183 domainID := "default" 184 roleCreateOpts := roles.CreateOpts{ 185 DomainID: domainID, 186 } 187 role, err := CreateRole(t, client, &roleCreateOpts) 188 th.AssertNoErr(t, err) 189 defer DeleteRole(t, client, role.ID) 190 191 user, err := CreateUser(t, client, nil) 192 th.AssertNoErr(t, err) 193 defer DeleteUser(t, client, user.ID) 194 195 t.Logf("Attempting to assign a role %s to a user %s on a project %s", 196 role.Name, user.Name, project.Name) 197 198 assignOpts := roles.AssignOpts{ 199 UserID: user.ID, 200 ProjectID: project.ID, 201 } 202 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 203 th.AssertNoErr(t, err) 204 205 t.Logf("Successfully assigned a role %s to a user %s on a project %s", 206 role.Name, user.Name, project.Name) 207 208 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 209 UserID: user.ID, 210 ProjectID: project.ID, 211 }) 212 213 iTrue := true 214 listAssignmentsOpts := roles.ListAssignmentsOpts{ 215 UserID: user.ID, 216 ScopeProjectID: domainID, // set domainID in ScopeProjectID field to list assignments on all projects in domain 217 IncludeSubtree: &iTrue, 218 IncludeNames: &iTrue, 219 } 220 allPages, err := roles.ListAssignments(client, listAssignmentsOpts).AllPages() 221 th.AssertNoErr(t, err) 222 223 allRoles, err := roles.ExtractRoleAssignments(allPages) 224 th.AssertNoErr(t, err) 225 226 t.Logf("Role assignments(with names) of user %s on projects in domain %s:", user.Name, domainID) 227 var found bool 228 for _, _role := range allRoles { 229 tools.PrintResource(t, _role) 230 if _role.Role.ID == role.ID && 231 _role.User.Name == user.Name && 232 _role.Scope.Project.Name == project.Name && 233 _role.Scope.Project.Domain.ID == domainID { 234 found = true 235 } 236 } 237 238 th.AssertEquals(t, found, true) 239 } 240 241 func TestRoleListAssignmentForUserOnProject(t *testing.T) { 242 clients.RequireAdmin(t) 243 244 client, err := clients.NewIdentityV3Client() 245 th.AssertNoErr(t, err) 246 247 project, err := CreateProject(t, client, nil) 248 th.AssertNoErr(t, err) 249 defer DeleteProject(t, client, project.ID) 250 251 roleCreateOpts := roles.CreateOpts{ 252 DomainID: "default", 253 } 254 role, err := CreateRole(t, client, &roleCreateOpts) 255 th.AssertNoErr(t, err) 256 defer DeleteRole(t, client, role.ID) 257 258 user, err := CreateUser(t, client, nil) 259 th.AssertNoErr(t, err) 260 defer DeleteUser(t, client, user.ID) 261 262 t.Logf("Attempting to assign a role %s to a user %s on a project %s", 263 role.Name, user.Name, project.Name) 264 265 assignOpts := roles.AssignOpts{ 266 UserID: user.ID, 267 ProjectID: project.ID, 268 } 269 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 270 th.AssertNoErr(t, err) 271 272 t.Logf("Successfully assigned a role %s to a user %s on a project %s", 273 role.Name, user.Name, project.Name) 274 275 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 276 UserID: user.ID, 277 ProjectID: project.ID, 278 }) 279 280 listAssignmentsOnResourceOpts := roles.ListAssignmentsOnResourceOpts{ 281 UserID: user.ID, 282 ProjectID: project.ID, 283 } 284 allPages, err := roles.ListAssignmentsOnResource(client, listAssignmentsOnResourceOpts).AllPages() 285 th.AssertNoErr(t, err) 286 287 allRoles, err := roles.ExtractRoles(allPages) 288 th.AssertNoErr(t, err) 289 290 t.Logf("Role assignments of user %s on project %s:", user.Name, project.Name) 291 var found bool 292 for _, _role := range allRoles { 293 tools.PrintResource(t, _role) 294 295 if _role.ID == role.ID { 296 found = true 297 } 298 } 299 300 th.AssertEquals(t, found, true) 301 } 302 303 func TestRoleListAssignmentForUserOnDomain(t *testing.T) { 304 clients.RequireAdmin(t) 305 306 client, err := clients.NewIdentityV3Client() 307 th.AssertNoErr(t, err) 308 309 domain, err := CreateDomain(t, client, &domains.CreateOpts{ 310 Enabled: gophercloud.Disabled, 311 }) 312 th.AssertNoErr(t, err) 313 defer DeleteDomain(t, client, domain.ID) 314 315 roleCreateOpts := roles.CreateOpts{ 316 DomainID: "default", 317 } 318 role, err := CreateRole(t, client, &roleCreateOpts) 319 th.AssertNoErr(t, err) 320 defer DeleteRole(t, client, role.ID) 321 322 user, err := CreateUser(t, client, nil) 323 th.AssertNoErr(t, err) 324 defer DeleteUser(t, client, user.ID) 325 326 t.Logf("Attempting to assign a role %s to a user %s on a domain %s", 327 role.Name, user.Name, domain.Name) 328 329 assignOpts := roles.AssignOpts{ 330 UserID: user.ID, 331 DomainID: domain.ID, 332 } 333 334 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 335 th.AssertNoErr(t, err) 336 337 t.Logf("Successfully assigned a role %s to a user %s on a domain %s", 338 role.Name, user.Name, domain.Name) 339 340 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 341 UserID: user.ID, 342 DomainID: domain.ID, 343 }) 344 345 listAssignmentsOnResourceOpts := roles.ListAssignmentsOnResourceOpts{ 346 UserID: user.ID, 347 DomainID: domain.ID, 348 } 349 allPages, err := roles.ListAssignmentsOnResource(client, listAssignmentsOnResourceOpts).AllPages() 350 th.AssertNoErr(t, err) 351 352 allRoles, err := roles.ExtractRoles(allPages) 353 th.AssertNoErr(t, err) 354 355 t.Logf("Role assignments of user %s on domain %s:", user.Name, domain.Name) 356 var found bool 357 for _, _role := range allRoles { 358 tools.PrintResource(t, _role) 359 360 if _role.ID == role.ID { 361 found = true 362 } 363 } 364 365 th.AssertEquals(t, found, true) 366 } 367 368 func TestRoleListAssignmentForGroupOnProject(t *testing.T) { 369 clients.RequireAdmin(t) 370 371 client, err := clients.NewIdentityV3Client() 372 th.AssertNoErr(t, err) 373 374 project, err := CreateProject(t, client, nil) 375 th.AssertNoErr(t, err) 376 defer DeleteProject(t, client, project.ID) 377 378 roleCreateOpts := roles.CreateOpts{ 379 DomainID: "default", 380 } 381 role, err := CreateRole(t, client, &roleCreateOpts) 382 th.AssertNoErr(t, err) 383 defer DeleteRole(t, client, role.ID) 384 385 groupCreateOpts := &groups.CreateOpts{ 386 DomainID: "default", 387 } 388 group, err := CreateGroup(t, client, groupCreateOpts) 389 th.AssertNoErr(t, err) 390 defer DeleteGroup(t, client, group.ID) 391 392 t.Logf("Attempting to assign a role %s to a group %s on a project %s", 393 role.Name, group.Name, project.Name) 394 395 assignOpts := roles.AssignOpts{ 396 GroupID: group.ID, 397 ProjectID: project.ID, 398 } 399 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 400 th.AssertNoErr(t, err) 401 402 t.Logf("Successfully assigned a role %s to a group %s on a project %s", 403 role.Name, group.Name, project.Name) 404 405 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 406 GroupID: group.ID, 407 ProjectID: project.ID, 408 }) 409 410 listAssignmentsOnResourceOpts := roles.ListAssignmentsOnResourceOpts{ 411 GroupID: group.ID, 412 ProjectID: project.ID, 413 } 414 allPages, err := roles.ListAssignmentsOnResource(client, listAssignmentsOnResourceOpts).AllPages() 415 th.AssertNoErr(t, err) 416 417 allRoles, err := roles.ExtractRoles(allPages) 418 th.AssertNoErr(t, err) 419 420 t.Logf("Role assignments of group %s on project %s:", group.Name, project.Name) 421 var found bool 422 for _, _role := range allRoles { 423 tools.PrintResource(t, _role) 424 425 if _role.ID == role.ID { 426 found = true 427 } 428 } 429 430 th.AssertEquals(t, found, true) 431 } 432 433 func TestRoleListAssignmentForGroupOnDomain(t *testing.T) { 434 clients.RequireAdmin(t) 435 436 client, err := clients.NewIdentityV3Client() 437 th.AssertNoErr(t, err) 438 439 domain, err := CreateDomain(t, client, &domains.CreateOpts{ 440 Enabled: gophercloud.Disabled, 441 }) 442 th.AssertNoErr(t, err) 443 defer DeleteDomain(t, client, domain.ID) 444 445 roleCreateOpts := roles.CreateOpts{ 446 DomainID: "default", 447 } 448 role, err := CreateRole(t, client, &roleCreateOpts) 449 th.AssertNoErr(t, err) 450 defer DeleteRole(t, client, role.ID) 451 452 groupCreateOpts := &groups.CreateOpts{ 453 DomainID: "default", 454 } 455 group, err := CreateGroup(t, client, groupCreateOpts) 456 th.AssertNoErr(t, err) 457 defer DeleteGroup(t, client, group.ID) 458 459 t.Logf("Attempting to assign a role %s to a group %s on a domain %s", 460 role.Name, group.Name, domain.Name) 461 462 assignOpts := roles.AssignOpts{ 463 GroupID: group.ID, 464 DomainID: domain.ID, 465 } 466 467 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 468 th.AssertNoErr(t, err) 469 470 t.Logf("Successfully assigned a role %s to a group %s on a domain %s", 471 role.Name, group.Name, domain.Name) 472 473 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 474 GroupID: group.ID, 475 DomainID: domain.ID, 476 }) 477 478 listAssignmentsOnResourceOpts := roles.ListAssignmentsOnResourceOpts{ 479 GroupID: group.ID, 480 DomainID: domain.ID, 481 } 482 allPages, err := roles.ListAssignmentsOnResource(client, listAssignmentsOnResourceOpts).AllPages() 483 th.AssertNoErr(t, err) 484 485 allRoles, err := roles.ExtractRoles(allPages) 486 th.AssertNoErr(t, err) 487 488 t.Logf("Role assignments of group %s on domain %s:", group.Name, domain.Name) 489 var found bool 490 for _, _role := range allRoles { 491 tools.PrintResource(t, _role) 492 493 if _role.ID == role.ID { 494 found = true 495 } 496 } 497 498 th.AssertEquals(t, found, true) 499 } 500 501 func TestRolesAssignToUserOnProject(t *testing.T) { 502 clients.RequireAdmin(t) 503 504 client, err := clients.NewIdentityV3Client() 505 th.AssertNoErr(t, err) 506 507 project, err := CreateProject(t, client, nil) 508 th.AssertNoErr(t, err) 509 defer DeleteProject(t, client, project.ID) 510 511 roleCreateOpts := roles.CreateOpts{ 512 DomainID: "default", 513 } 514 role, err := CreateRole(t, client, &roleCreateOpts) 515 th.AssertNoErr(t, err) 516 defer DeleteRole(t, client, role.ID) 517 518 user, err := CreateUser(t, client, nil) 519 th.AssertNoErr(t, err) 520 defer DeleteUser(t, client, user.ID) 521 522 t.Logf("Attempting to assign a role %s to a user %s on a project %s", 523 role.Name, user.Name, project.Name) 524 525 assignOpts := roles.AssignOpts{ 526 UserID: user.ID, 527 ProjectID: project.ID, 528 } 529 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 530 th.AssertNoErr(t, err) 531 532 t.Logf("Successfully assigned a role %s to a user %s on a project %s", 533 role.Name, user.Name, project.Name) 534 535 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 536 UserID: user.ID, 537 ProjectID: project.ID, 538 }) 539 540 iTrue := true 541 lao := roles.ListAssignmentsOpts{ 542 RoleID: role.ID, 543 ScopeProjectID: project.ID, 544 UserID: user.ID, 545 IncludeNames: &iTrue, 546 } 547 548 allPages, err := roles.ListAssignments(client, lao).AllPages() 549 th.AssertNoErr(t, err) 550 551 allRoleAssignments, err := roles.ExtractRoleAssignments(allPages) 552 th.AssertNoErr(t, err) 553 554 t.Logf("Role assignments of user %s on project %s:", user.Name, project.Name) 555 var found bool 556 for _, roleAssignment := range allRoleAssignments { 557 tools.PrintResource(t, roleAssignment) 558 559 if roleAssignment.Role.ID == role.ID { 560 found = true 561 } 562 563 if roleAssignment.User.Domain.ID == "" || roleAssignment.Scope.Project.Domain.ID == "" { 564 found = false 565 } 566 } 567 568 th.AssertEquals(t, found, true) 569 } 570 571 func TestRolesAssignToUserOnDomain(t *testing.T) { 572 clients.RequireAdmin(t) 573 574 client, err := clients.NewIdentityV3Client() 575 th.AssertNoErr(t, err) 576 577 domain, err := CreateDomain(t, client, &domains.CreateOpts{ 578 Enabled: gophercloud.Disabled, 579 }) 580 th.AssertNoErr(t, err) 581 defer DeleteDomain(t, client, domain.ID) 582 583 roleCreateOpts := roles.CreateOpts{ 584 DomainID: "default", 585 } 586 role, err := CreateRole(t, client, &roleCreateOpts) 587 th.AssertNoErr(t, err) 588 defer DeleteRole(t, client, role.ID) 589 590 user, err := CreateUser(t, client, nil) 591 th.AssertNoErr(t, err) 592 defer DeleteUser(t, client, user.ID) 593 594 t.Logf("Attempting to assign a role %s to a user %s on a domain %s", 595 role.Name, user.Name, domain.Name) 596 597 assignOpts := roles.AssignOpts{ 598 UserID: user.ID, 599 DomainID: domain.ID, 600 } 601 602 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 603 th.AssertNoErr(t, err) 604 605 t.Logf("Successfully assigned a role %s to a user %s on a domain %s", 606 role.Name, user.Name, domain.Name) 607 608 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 609 UserID: user.ID, 610 DomainID: domain.ID, 611 }) 612 613 iTrue := true 614 lao := roles.ListAssignmentsOpts{ 615 RoleID: role.ID, 616 ScopeDomainID: domain.ID, 617 UserID: user.ID, 618 IncludeNames: &iTrue, 619 } 620 621 allPages, err := roles.ListAssignments(client, lao).AllPages() 622 th.AssertNoErr(t, err) 623 624 allRoleAssignments, err := roles.ExtractRoleAssignments(allPages) 625 th.AssertNoErr(t, err) 626 627 t.Logf("Role assignments of user %s on domain %s:", user.Name, domain.Name) 628 var found bool 629 for _, roleAssignment := range allRoleAssignments { 630 tools.PrintResource(t, roleAssignment) 631 632 if roleAssignment.Role.ID == role.ID { 633 found = true 634 } 635 636 if roleAssignment.User.Domain.ID == "" { 637 found = false 638 } 639 } 640 641 th.AssertEquals(t, found, true) 642 } 643 644 func TestRolesAssignToGroupOnDomain(t *testing.T) { 645 clients.RequireAdmin(t) 646 647 client, err := clients.NewIdentityV3Client() 648 th.AssertNoErr(t, err) 649 650 domain, err := CreateDomain(t, client, &domains.CreateOpts{ 651 Enabled: gophercloud.Disabled, 652 }) 653 th.AssertNoErr(t, err) 654 defer DeleteDomain(t, client, domain.ID) 655 656 roleCreateOpts := roles.CreateOpts{ 657 DomainID: "default", 658 } 659 role, err := CreateRole(t, client, &roleCreateOpts) 660 th.AssertNoErr(t, err) 661 defer DeleteRole(t, client, role.ID) 662 663 groupCreateOpts := &groups.CreateOpts{ 664 DomainID: "default", 665 } 666 group, err := CreateGroup(t, client, groupCreateOpts) 667 th.AssertNoErr(t, err) 668 defer DeleteGroup(t, client, group.ID) 669 670 t.Logf("Attempting to assign a role %s to a group %s on a domain %s", 671 role.Name, group.Name, domain.Name) 672 673 assignOpts := roles.AssignOpts{ 674 GroupID: group.ID, 675 DomainID: domain.ID, 676 } 677 678 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 679 th.AssertNoErr(t, err) 680 681 t.Logf("Successfully assigned a role %s to a group %s on a domain %s", 682 role.Name, group.Name, domain.Name) 683 684 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 685 GroupID: group.ID, 686 DomainID: domain.ID, 687 }) 688 689 iTrue := true 690 lao := roles.ListAssignmentsOpts{ 691 RoleID: role.ID, 692 ScopeDomainID: domain.ID, 693 GroupID: group.ID, 694 IncludeNames: &iTrue, 695 } 696 697 allPages, err := roles.ListAssignments(client, lao).AllPages() 698 th.AssertNoErr(t, err) 699 700 allRoleAssignments, err := roles.ExtractRoleAssignments(allPages) 701 th.AssertNoErr(t, err) 702 703 t.Logf("Role assignments of group %s on domain %s:", group.Name, domain.Name) 704 var found bool 705 for _, roleAssignment := range allRoleAssignments { 706 tools.PrintResource(t, roleAssignment) 707 708 if roleAssignment.Role.ID == role.ID { 709 found = true 710 } 711 712 if roleAssignment.Group.Domain.ID == "" { 713 found = false 714 } 715 } 716 717 th.AssertEquals(t, found, true) 718 } 719 720 func TestRolesAssignToGroupOnProject(t *testing.T) { 721 clients.RequireAdmin(t) 722 723 client, err := clients.NewIdentityV3Client() 724 th.AssertNoErr(t, err) 725 726 project, err := CreateProject(t, client, nil) 727 th.AssertNoErr(t, err) 728 defer DeleteProject(t, client, project.ID) 729 730 roleCreateOpts := roles.CreateOpts{ 731 DomainID: "default", 732 } 733 role, err := CreateRole(t, client, &roleCreateOpts) 734 th.AssertNoErr(t, err) 735 defer DeleteRole(t, client, role.ID) 736 737 groupCreateOpts := &groups.CreateOpts{ 738 DomainID: "default", 739 } 740 group, err := CreateGroup(t, client, groupCreateOpts) 741 th.AssertNoErr(t, err) 742 defer DeleteGroup(t, client, group.ID) 743 744 t.Logf("Attempting to assign a role %s to a group %s on a project %s", 745 role.Name, group.Name, project.Name) 746 747 assignOpts := roles.AssignOpts{ 748 GroupID: group.ID, 749 ProjectID: project.ID, 750 } 751 err = roles.Assign(client, role.ID, assignOpts).ExtractErr() 752 th.AssertNoErr(t, err) 753 754 t.Logf("Successfully assigned a role %s to a group %s on a project %s", 755 role.Name, group.Name, project.Name) 756 757 defer UnassignRole(t, client, role.ID, &roles.UnassignOpts{ 758 GroupID: group.ID, 759 ProjectID: project.ID, 760 }) 761 762 iTrue := true 763 lao := roles.ListAssignmentsOpts{ 764 RoleID: role.ID, 765 ScopeProjectID: project.ID, 766 GroupID: group.ID, 767 IncludeNames: &iTrue, 768 } 769 770 allPages, err := roles.ListAssignments(client, lao).AllPages() 771 th.AssertNoErr(t, err) 772 773 allRoleAssignments, err := roles.ExtractRoleAssignments(allPages) 774 th.AssertNoErr(t, err) 775 776 t.Logf("Role assignments of group %s on project %s:", group.Name, project.Name) 777 var found bool 778 for _, roleAssignment := range allRoleAssignments { 779 tools.PrintResource(t, roleAssignment) 780 781 if roleAssignment.Role.ID == role.ID { 782 found = true 783 } 784 785 if roleAssignment.Scope.Project.Domain.ID == "" || roleAssignment.Group.Domain.ID == "" { 786 found = false 787 } 788 } 789 790 th.AssertEquals(t, found, true) 791 }