github.com/opentelekomcloud/gophertelekomcloud@v0.9.3/acceptance/openstack/identity/v3/policies_test.go (about) 1 package v3 2 3 import ( 4 "os" 5 "reflect" 6 "testing" 7 8 golangsdk "github.com/opentelekomcloud/gophertelekomcloud" 9 "github.com/opentelekomcloud/gophertelekomcloud/acceptance/clients" 10 "github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools" 11 "github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/agency" 12 "github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/policies" 13 th "github.com/opentelekomcloud/gophertelekomcloud/testhelper" 14 ) 15 16 func TestPolicyLifecycle(t *testing.T) { 17 if os.Getenv("OS_TENANT_ADMIN") == "" { 18 t.Skip("Policy doesn't allow NewIdentityV3AdminClient() to be initialized.") 19 } 20 21 client, err := clients.NewIdentityV30AdminClient() 22 th.AssertNoErr(t, err) 23 24 newPolicy := createPolicy(t, client) 25 th.AssertNoErr(t, err) 26 27 defer func() { 28 err = policies.Delete(client, newPolicy.ID).ExtractErr() 29 th.AssertNoErr(t, err) 30 }() 31 32 listOpts := policies.ListOpts{ 33 DisplayName: newPolicy.DisplayName, 34 } 35 36 allPages, err := policies.List(client, listOpts) 37 th.AssertNoErr(t, err) 38 39 th.AssertEquals(t, newPolicy.Description, allPages.Roles[0].Description) 40 th.AssertEquals(t, newPolicy.Type, allPages.Roles[0].Type) 41 th.AssertEquals(t, newPolicy.DisplayName, allPages.Roles[0].DisplayName) 42 th.AssertEquals(t, newPolicy.Policy.Version, allPages.Roles[0].Policy.Version) 43 if !reflect.DeepEqual(newPolicy.Policy.Statement, allPages.Roles[0].Policy.Statement) { 44 t.Error("Statement parameters are different") 45 } 46 47 newName := tools.RandomString("policy-test-new-", 5) 48 newDescription := tools.RandomString("description-new-", 5) 49 50 updateOpts := policies.CreateOpts{ 51 DisplayName: newName, 52 Type: "AX", 53 Description: newDescription, 54 Policy: policies.CreatePolicy{ 55 Version: "1.1", 56 Statement: []policies.CreateStatement{ 57 {Action: []string{ 58 "obs:bucket:ListBucket", 59 }, 60 Effect: "Deny", 61 Condition: map[string]map[string][]string{ 62 "StringNotStartWithIfExists": { 63 "g:ServiceName": []string{"ht"}, 64 }, 65 "StringNotEndWith": { 66 "g:UserName": []string{"3"}, 67 }, 68 }, 69 Resource: []string{"OBS:*:*:bucket:*"}, 70 }, 71 }, 72 }, 73 } 74 75 updatePolicy, err := policies.Update(client, newPolicy.ID, updateOpts).Extract() 76 77 th.AssertNoErr(t, err) 78 79 getPolicy, err := policies.Get(client, updatePolicy.ID).Extract() 80 81 th.AssertNoErr(t, err) 82 83 th.AssertEquals(t, updatePolicy.DisplayName, newName) 84 th.AssertEquals(t, updatePolicy.Description, newDescription) 85 th.AssertEquals(t, updatePolicy.Name, getPolicy.Name) 86 th.AssertEquals(t, updatePolicy.Description, getPolicy.Description) 87 th.AssertEquals(t, updatePolicy.Type, getPolicy.Type) 88 th.AssertEquals(t, updatePolicy.DisplayName, getPolicy.DisplayName) 89 th.AssertEquals(t, updatePolicy.Policy.Version, getPolicy.Policy.Version) 90 if !reflect.DeepEqual(updatePolicy.Policy.Statement, getPolicy.Policy.Statement) { 91 t.Error("Statement parameters are different") 92 } 93 } 94 95 func TestAgencyPolicyLifecycle(t *testing.T) { 96 if os.Getenv("OS_TENANT_ADMIN") == "" { 97 t.Skip("Policy doesn't allow NewIdentityV30AdminClient() to be initialized.") 98 } 99 100 if os.Getenv("DELEGATED_DOMAIN") == "" { 101 t.Skip("Unable to continue test without provided delegated domain name.") 102 } 103 104 client, err := clients.NewIdentityV30AdminClient() 105 106 th.AssertNoErr(t, err) 107 108 agencyOpts := agency.CreateOpts{ 109 Name: tools.RandomString("test-agency-", 5), 110 DomainID: client.DomainID, 111 DelegatedDomain: os.Getenv("DELEGATED_DOMAIN"), 112 } 113 114 createAgency, err := agency.Create(client, agencyOpts).Extract() 115 116 th.AssertNoErr(t, err) 117 118 defer func() { 119 err = agency.Delete(client, createAgency.ID).ExtractErr() 120 th.AssertNoErr(t, err) 121 }() 122 123 // this parameter is hardcoded for every custom policy made through agency 124 actionParameter := "iam:agencies:assume" 125 createOpts := policies.CreateOpts{ 126 DisplayName: tools.RandomString("policy-test-", 5), 127 Type: "AX", 128 Description: tools.RandomString("Description", 5), 129 Policy: policies.CreatePolicy{ 130 Version: "1.1", 131 Statement: []policies.CreateStatement{ 132 {Action: []string{ 133 actionParameter, 134 }, 135 Effect: "Allow", 136 Resource: map[string][]string{ 137 "uri": {"/iam/agencies/" + createAgency.ID}, 138 }, 139 }, 140 }, 141 }, 142 } 143 144 newPolicy, err := policies.Create(client, createOpts).Extract() 145 th.AssertNoErr(t, err) 146 147 defer func() { 148 err = policies.Delete(client, newPolicy.ID).ExtractErr() 149 th.AssertNoErr(t, err) 150 }() 151 152 listOpts := policies.ListOpts{ 153 ID: newPolicy.ID, 154 Type: newPolicy.Type, 155 } 156 157 allPages, err := policies.List(client, listOpts) 158 th.AssertNoErr(t, err) 159 160 th.AssertEquals(t, newPolicy.ID, allPages.Roles[0].ID) 161 th.AssertEquals(t, newPolicy.Description, allPages.Roles[0].Description) 162 th.AssertEquals(t, newPolicy.Type, allPages.Roles[0].Type) 163 th.AssertEquals(t, newPolicy.DisplayName, allPages.Roles[0].DisplayName) 164 th.AssertEquals(t, newPolicy.Policy.Version, allPages.Roles[0].Policy.Version) 165 if !reflect.DeepEqual(newPolicy.Policy.Statement, allPages.Roles[0].Policy.Statement) { 166 t.Error("Statement parameters are different") 167 } 168 169 newName := tools.RandomString("policy-test-new-", 5) 170 newDescription := tools.RandomString("description-new-", 5) 171 172 updateOpts := policies.CreateOpts{ 173 DisplayName: newName, 174 Type: "AX", 175 Description: newDescription, 176 Policy: policies.CreatePolicy{ 177 Version: "1.1", 178 Statement: []policies.CreateStatement{ 179 {Action: []string{ 180 actionParameter, 181 }, 182 Effect: "Allow", 183 Resource: map[string][]string{ 184 "uri": {"/iam/agencies/" + createAgency.ID}, 185 }, 186 }, 187 }, 188 }, 189 } 190 191 updatePolicy, err := policies.Update(client, newPolicy.ID, updateOpts).Extract() 192 193 th.AssertNoErr(t, err) 194 195 getPolicy, err := policies.Get(client, updatePolicy.ID).Extract() 196 197 th.AssertNoErr(t, err) 198 199 th.AssertEquals(t, updatePolicy.DisplayName, newName) 200 th.AssertEquals(t, updatePolicy.Description, newDescription) 201 th.AssertEquals(t, updatePolicy.Name, getPolicy.Name) 202 th.AssertEquals(t, updatePolicy.Description, getPolicy.Description) 203 th.AssertEquals(t, updatePolicy.Type, getPolicy.Type) 204 th.AssertEquals(t, updatePolicy.DisplayName, getPolicy.DisplayName) 205 th.AssertEquals(t, updatePolicy.Policy.Version, getPolicy.Policy.Version) 206 if !reflect.DeepEqual(updatePolicy.Policy.Statement, getPolicy.Policy.Statement) { 207 t.Error("Statement parameters are different") 208 } 209 } 210 211 func TestList(t *testing.T) { 212 if os.Getenv("OS_TENANT_ADMIN") == "" { 213 t.Skip("Policy doesn't allow NewIdentityV30AdminClient() to be initialized.") 214 } 215 216 client, err := clients.NewIdentityV30AdminClient() 217 th.AssertNoErr(t, err) 218 219 listOpts := policies.ListOpts{} 220 221 allPages, err := policies.List(client, listOpts) 222 th.AssertNoErr(t, err) 223 if allPages.Links.Self == "" { 224 t.Error("Link parameter unmarshalled improperly") 225 } 226 } 227 228 func createPolicy(t *testing.T, client *golangsdk.ServiceClient) *policies.Policy { 229 createOpts := policies.CreateOpts{ 230 DisplayName: tools.RandomString("policy-test-", 5), 231 Type: "AX", 232 Description: tools.RandomString("Description-", 5), 233 Policy: policies.CreatePolicy{ 234 Version: "1.1", 235 Statement: []policies.CreateStatement{ 236 {Action: []string{ 237 "obs:bucket:ListBucket", 238 }, 239 Effect: "Allow", 240 Condition: map[string]map[string][]string{ 241 "StringLikeAnyOfIfExists": { 242 "obs:prefix": []string{"ht"}, 243 }, 244 "StringNotEndWith": { 245 "g:UserName": []string{tools.RandomString("end_of_name-", 5)}, 246 }, 247 }, 248 Resource: []string{"OBS:*:*:bucket:some-bucket", "OBS:*:*:bucket:test-bucket"}, 249 }, 250 {Action: []string{ 251 "obs:bucket:ListBucket", 252 }, 253 Effect: "Deny", 254 Condition: map[string]map[string][]string{ 255 "StringEquals": { 256 "g:UserId": []string{tools.RandomString("dummy_id-", 5)}, 257 }, 258 }, 259 Resource: []string{"OBS:*:*:bucket:bucket"}, 260 }, 261 }, 262 }, 263 } 264 265 newPolicy, err := policies.Create(client, createOpts).Extract() 266 th.AssertNoErr(t, err) 267 return newPolicy 268 }