roles

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 27, 2024 License: Apache-2.0 Imports: 6 Imported by: 57

Documentation

Overview

Package roles provides information and interaction with the roles API resource for the OpenStack Identity service.

Example to List Roles

listOpts := roles.ListOpts{
	DomainID: "default",
}

allPages, err := roles.List(identityClient, listOpts).AllPages()
if err != nil {
	panic(err)
}

allRoles, err := roles.ExtractRoles(allPages)
if err != nil {
	panic(err)
}

for _, role := range allRoles {
	fmt.Printf("%+v\n", role)
}

Example to Create a Role

createOpts := roles.CreateOpts{
	Name:             "read-only-admin",
	DomainID:         "default",
	Extra: map[string]interface{}{
		"description": "this role grants read-only privilege cross tenant",
	}
}

role, err := roles.Create(identityClient, createOpts).Extract()
if err != nil {
	panic(err)
}

Example to Update a Role

roleID := "0fe36e73809d46aeae6705c39077b1b3"

updateOpts := roles.UpdateOpts{
	Name: "read only admin",
}

role, err := roles.Update(identityClient, roleID, updateOpts).Extract()
if err != nil {
	panic(err)
}

Example to Delete a Role

roleID := "0fe36e73809d46aeae6705c39077b1b3"
err := roles.Delete(identityClient, roleID).ExtractErr()
if err != nil {
	panic(err)
}

Example to List Role Assignments

listOpts := roles.ListAssignmentsOpts{
	UserID:         "97061de2ed0647b28a393c36ab584f39",
	ScopeProjectID: "9df1a02f5eb2416a9781e8b0c022d3ae",
}

allPages, err := roles.ListAssignments(identityClient, listOpts).AllPages()
if err != nil {
	panic(err)
}

allRoles, err := roles.ExtractRoleAssignments(allPages)
if err != nil {
	panic(err)
}

for _, role := range allRoles {
	fmt.Printf("%+v\n", role)
}

Example to List Role Assignments for a User on a Project

projectID := "a99e9b4e620e4db09a2dfb6e42a01e66"
userID := "9df1a02f5eb2416a9781e8b0c022d3ae"
listAssignmentsOnResourceOpts := roles.ListAssignmentsOnResourceOpts{
	UserID:    userID,
	ProjectID: projectID,
}

allPages, err := roles.ListAssignmentsOnResource(identityClient, listAssignmentsOnResourceOpts).AllPages()
if err != nil {
	panic(err)
}

allRoles, err := roles.ExtractRoles(allPages)
if err != nil {
	panic(err)
}

for _, role := range allRoles {
	fmt.Printf("%+v\n", role)
}

Example to Assign a Role to a User in a Project

projectID := "a99e9b4e620e4db09a2dfb6e42a01e66"
userID := "9df1a02f5eb2416a9781e8b0c022d3ae"
roleID := "9fe2ff9ee4384b1894a90878d3e92bab"

err := roles.Assign(identityClient, roleID, roles.AssignOpts{
	UserID:    userID,
	ProjectID: projectID,
}).ExtractErr()

if err != nil {
	panic(err)
}

Example to Unassign a Role From a User in a Project

projectID := "a99e9b4e620e4db09a2dfb6e42a01e66"
userID := "9df1a02f5eb2416a9781e8b0c022d3ae"
roleID := "9fe2ff9ee4384b1894a90878d3e92bab"

err := roles.Unassign(identityClient, roleID, roles.UnassignOpts{
	UserID:    userID,
	ProjectID: projectID,
}).ExtractErr()

if err != nil {
	panic(err)
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func List

List enumerates the roles to which the current token has access.

func ListAssignments

ListAssignments enumerates the roles assigned to a specified resource.

func ListAssignmentsOnResource

func ListAssignmentsOnResource(client *gophercloud.ServiceClient, opts ListAssignmentsOnResourceOpts) pagination.Pager

ListAssignmentsOnResource is the operation responsible for listing role assignments for a user/group on a project/domain.

Types

type AssignOpts

type AssignOpts struct {
	// UserID is the ID of a user to assign a role
	// Note: exactly one of UserID or GroupID must be provided
	UserID string `xor:"GroupID"`

	// GroupID is the ID of a group to assign a role
	// Note: exactly one of UserID or GroupID must be provided
	GroupID string `xor:"UserID"`

	// ProjectID is the ID of a project to assign a role on
	// Note: exactly one of ProjectID or DomainID must be provided
	ProjectID string `xor:"DomainID"`

	// DomainID is the ID of a domain to assign a role on
	// Note: exactly one of ProjectID or DomainID must be provided
	DomainID string `xor:"ProjectID"`
}

AssignOpts provides options to assign a role

type AssignedRole

type AssignedRole struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
}

AssignedRole represents a Role in an assignment.

type AssignmentResult

type AssignmentResult struct {
	gophercloud.ErrResult
}

AssignmentResult represents the result of an assign operation. Call ExtractErr method to determine if the request succeeded or failed.

func Assign

func Assign(client *gophercloud.ServiceClient, roleID string, opts AssignOpts) (r AssignmentResult)

Assign is the operation responsible for assigning a role to a user/group on a project/domain.

type CreateOpts

type CreateOpts struct {
	// Name is the name of the new role.
	Name string `json:"name" required:"true"`

	// DomainID is the ID of the domain the role belongs to.
	DomainID string `json:"domain_id,omitempty"`

	// Extra is free-form extra key/value pairs to describe the role.
	Extra map[string]interface{} `json:"-"`
}

CreateOpts provides options used to create a role.

func (CreateOpts) ToRoleCreateMap

func (opts CreateOpts) ToRoleCreateMap() (map[string]interface{}, error)

ToRoleCreateMap formats a CreateOpts into a create request.

type CreateOptsBuilder

type CreateOptsBuilder interface {
	ToRoleCreateMap() (map[string]interface{}, error)
}

CreateOptsBuilder allows extensions to add additional parameters to the Create request.

type CreateResult

type CreateResult struct {
	// contains filtered or unexported fields
}

CreateResult is the response from a Create operation. Call its Extract method to interpret it as a Role

func Create

func Create(client *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult)

Create creates a new Role.

func (CreateResult) Extract

func (r CreateResult) Extract() (*Role, error)

Extract interprets any roleResults as a Role.

type DeleteResult

type DeleteResult struct {
	gophercloud.ErrResult
}

DeleteResult is the response from a Delete operation. Call its ExtractErr to determine if the request succeeded or failed.

func Delete

func Delete(client *gophercloud.ServiceClient, roleID string) (r DeleteResult)

Delete deletes a role.

type Domain

type Domain struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
}

Domain represents a domain in a role assignment scope.

type GetResult

type GetResult struct {
	// contains filtered or unexported fields
}

GetResult is the response from a Get operation. Call its Extract method to interpret it as a Role.

func Get

func Get(client *gophercloud.ServiceClient, id string) (r GetResult)

Get retrieves details on a single role, by ID.

func (GetResult) Extract

func (r GetResult) Extract() (*Role, error)

Extract interprets any roleResults as a Role.

type Group

type Group struct {
	Domain Domain `json:"domain,omitempty"`
	ID     string `json:"id,omitempty"`
	Name   string `json:"name,omitempty"`
}

Group represents a group in a role assignment scope.

type InvalidListFilter

type InvalidListFilter struct {
	FilterName string
}

InvalidListFilter is returned by the ToUserListQuery method when validation of a filter does not pass

func (InvalidListFilter) Error

func (e InvalidListFilter) Error() string

type ListAssignmentsOnResourceOpts

type ListAssignmentsOnResourceOpts struct {
	// UserID is the ID of a user to assign a role
	// Note: exactly one of UserID or GroupID must be provided
	UserID string `xor:"GroupID"`

	// GroupID is the ID of a group to assign a role
	// Note: exactly one of UserID or GroupID must be provided
	GroupID string `xor:"UserID"`

	// ProjectID is the ID of a project to assign a role on
	// Note: exactly one of ProjectID or DomainID must be provided
	ProjectID string `xor:"DomainID"`

	// DomainID is the ID of a domain to assign a role on
	// Note: exactly one of ProjectID or DomainID must be provided
	DomainID string `xor:"ProjectID"`
}

ListAssignmentsOnResourceOpts provides options to list role assignments for a user/group on a project/domain

type ListAssignmentsOpts

type ListAssignmentsOpts struct {
	// GroupID is the group ID to query.
	GroupID string `q:"group.id"`

	// RoleID is the specific role to query assignments to.
	RoleID string `q:"role.id"`

	// ScopeDomainID filters the results by the given domain ID.
	ScopeDomainID string `q:"scope.domain.id"`

	// ScopeProjectID filters the results by the given Project ID.
	ScopeProjectID string `q:"scope.project.id"`

	// UserID filterst he results by the given User ID.
	UserID string `q:"user.id"`

	// Effective lists effective assignments at the user, project, and domain
	// level, allowing for the effects of group membership.
	Effective *bool `q:"effective"`

	// IncludeNames indicates whether to include names of any returned entities.
	// Requires microversion 3.6 or later.
	IncludeNames *bool `q:"include_names"`

	// IncludeSubtree indicates whether to include relevant assignments in the project hierarchy below the project
	// specified in the ScopeProjectID. Specify DomainID in ScopeProjectID to get a list for all projects in the domain.
	// Requires microversion 3.6 or later.
	IncludeSubtree *bool `q:"include_subtree"`
}

ListAssignmentsOpts allows you to query the ListAssignments method. Specify one of or a combination of GroupId, RoleId, ScopeDomainId, ScopeProjectId, and/or UserId to search for roles assigned to corresponding entities.

func (ListAssignmentsOpts) ToRolesListAssignmentsQuery

func (opts ListAssignmentsOpts) ToRolesListAssignmentsQuery() (string, error)

ToRolesListAssignmentsQuery formats a ListAssignmentsOpts into a query string.

type ListAssignmentsOptsBuilder

type ListAssignmentsOptsBuilder interface {
	ToRolesListAssignmentsQuery() (string, error)
}

ListAssignmentsOptsBuilder allows extensions to add additional parameters to the ListAssignments request.

type ListOpts

type ListOpts struct {
	// DomainID filters the response by a domain ID.
	DomainID string `q:"domain_id"`

	// Name filters the response by role name.
	Name string `q:"name"`

	// Filters filters the response by custom filters such as
	// 'name__contains=foo'
	Filters map[string]string `q:"-"`
}

ListOpts provides options to filter the List results.

func (ListOpts) ToRoleListQuery

func (opts ListOpts) ToRoleListQuery() (string, error)

ToRoleListQuery formats a ListOpts into a query string.

type ListOptsBuilder

type ListOptsBuilder interface {
	ToRoleListQuery() (string, error)
}

ListOptsBuilder allows extensions to add additional parameters to the List request

type Project

type Project struct {
	Domain Domain `json:"domain,omitempty"`
	ID     string `json:"id,omitempty"`
	Name   string `json:"name,omitempty"`
}

Project represents a project in a role assignment scope.

type Role

type Role struct {
	// DomainID is the domain ID the role belongs to.
	DomainID string `json:"domain_id"`

	// ID is the unique ID of the role.
	ID string `json:"id"`

	// Links contains referencing links to the role.
	Links map[string]interface{} `json:"links"`

	// Name is the role name
	Name string `json:"name"`

	// Extra is a collection of miscellaneous key/values.
	Extra map[string]interface{} `json:"-"`
}

Role grants permissions to a user.

func ExtractRoles

func ExtractRoles(r pagination.Page) ([]Role, error)

ExtractProjects returns a slice of Roles contained in a single page of results.

func (*Role) UnmarshalJSON

func (r *Role) UnmarshalJSON(b []byte) error

type RoleAssignment

type RoleAssignment struct {
	Role  AssignedRole `json:"role,omitempty"`
	Scope Scope        `json:"scope,omitempty"`
	User  User         `json:"user,omitempty"`
	Group Group        `json:"group,omitempty"`
}

RoleAssignment is the result of a role assignments query.

func ExtractRoleAssignments

func ExtractRoleAssignments(r pagination.Page) ([]RoleAssignment, error)

ExtractRoleAssignments extracts a slice of RoleAssignments from a Collection acquired from List.

type RoleAssignmentPage

type RoleAssignmentPage struct {
	pagination.LinkedPageBase
}

RoleAssignmentPage is a single page of RoleAssignments results.

func (RoleAssignmentPage) IsEmpty

func (r RoleAssignmentPage) IsEmpty() (bool, error)

IsEmpty returns true if the RoleAssignmentPage contains no results.

func (RoleAssignmentPage) NextPageURL

func (r RoleAssignmentPage) NextPageURL() (string, error)

NextPageURL uses the response's embedded link reference to navigate to the next page of results.

type RolePage

type RolePage struct {
	pagination.LinkedPageBase
}

RolePage is a single page of Role results.

func (RolePage) IsEmpty

func (r RolePage) IsEmpty() (bool, error)

IsEmpty determines whether or not a page of Roles contains any results.

func (RolePage) NextPageURL

func (r RolePage) NextPageURL() (string, error)

NextPageURL extracts the "next" link from the links section of the result.

type Scope

type Scope struct {
	Domain  Domain  `json:"domain,omitempty"`
	Project Project `json:"project,omitempty"`
}

Scope represents a scope in a Role assignment.

type UnassignOpts

type UnassignOpts struct {
	// UserID is the ID of a user to unassign a role
	// Note: exactly one of UserID or GroupID must be provided
	UserID string `xor:"GroupID"`

	// GroupID is the ID of a group to unassign a role
	// Note: exactly one of UserID or GroupID must be provided
	GroupID string `xor:"UserID"`

	// ProjectID is the ID of a project to unassign a role on
	// Note: exactly one of ProjectID or DomainID must be provided
	ProjectID string `xor:"DomainID"`

	// DomainID is the ID of a domain to unassign a role on
	// Note: exactly one of ProjectID or DomainID must be provided
	DomainID string `xor:"ProjectID"`
}

UnassignOpts provides options to unassign a role

type UnassignmentResult

type UnassignmentResult struct {
	gophercloud.ErrResult
}

UnassignmentResult represents the result of an unassign operation. Call ExtractErr method to determine if the request succeeded or failed.

func Unassign

func Unassign(client *gophercloud.ServiceClient, roleID string, opts UnassignOpts) (r UnassignmentResult)

Unassign is the operation responsible for unassigning a role from a user/group on a project/domain.

type UpdateOpts

type UpdateOpts struct {
	// Name is the name of the new role.
	Name string `json:"name,omitempty"`

	// Extra is free-form extra key/value pairs to describe the role.
	Extra map[string]interface{} `json:"-"`
}

UpdateOpts provides options for updating a role.

func (UpdateOpts) ToRoleUpdateMap

func (opts UpdateOpts) ToRoleUpdateMap() (map[string]interface{}, error)

ToRoleUpdateMap formats a UpdateOpts into an update request.

type UpdateOptsBuilder

type UpdateOptsBuilder interface {
	ToRoleUpdateMap() (map[string]interface{}, error)
}

UpdateOptsBuilder allows extensions to add additional parameters to the Update request.

type UpdateResult

type UpdateResult struct {
	// contains filtered or unexported fields
}

UpdateResult is the response from an Update operation. Call its Extract method to interpret it as a Role.

func Update

func Update(client *gophercloud.ServiceClient, roleID string, opts UpdateOptsBuilder) (r UpdateResult)

Update updates an existing Role.

func (UpdateResult) Extract

func (r UpdateResult) Extract() (*Role, error)

Extract interprets any roleResults as a Role.

type User

type User struct {
	Domain Domain `json:"domain,omitempty"`
	ID     string `json:"id,omitempty"`
	Name   string `json:"name,omitempty"`
}

User represents a user in a role assignment scope.

Directories

Path Synopsis
roles unit tests
roles unit tests

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL