feat: add /roles endpoint (#11)

FEATURES:
- added new endpoint `/roles` to display all available for assigning roles.

IMPROVEMENTS:
- removed hard-coded roles from codebase.

Author: icerzack

examples/federation-with-user/main.go

@@ -12,6 +12,14 @@ import (
 	"github.com/selectel/iam-go/service/users"
 )
 
+const (
+	// Account/Project reader.
+	Reader string = "reader"
+
+	// Account scope.
+	AccountScope string = "account"
+)
+
 var (
 	// KeystoneToken
 	token          = "gAAAAA..."
@@ -88,7 +96,7 @@ func main() {
 			ExternalID: userExternalID,
 			ID:         federation.ID,
 		},
-		Roles: []roles.Role{{Scope: roles.Account, RoleName: roles.Reader}},
+		Roles: []roles.Role{{Scope: AccountScope, RoleName: Reader}},
 	})
 	if err != nil {
 		fmt.Println(err)

examples/group-with-user/main.go

@@ -11,6 +11,17 @@ import (
 	"github.com/selectel/iam-go/service/users"
 )
 
+const (
+	// Account/Project reader.
+	Reader string = "reader"
+
+	// Account/Project member.
+	Member string = "member"
+
+	// Account scope.
+	AccountScope string = "account"
+)
+
 var (
 	// KeystoneToken
 	token          = "gAAAAA..."
@@ -52,7 +63,7 @@ func main() {
 		AuthType:   users.Local,
 		Email:      email,
 		Federation: nil,
-		Roles:      []roles.Role{{Scope: roles.Account, RoleName: roles.Reader}},
+		Roles:      []roles.Role{{Scope: AccountScope, RoleName: Reader}},
 		GroupIDs:   []string{group.ID},
 	})
 	if err != nil {
@@ -61,11 +72,11 @@ func main() {
 	}
 	fmt.Printf("Step 2: Created User ID: %s Keystone ID: %s\n", user.ID, user.KeystoneID)
 
-	err = groupsAPI.AssignRoles(ctx, group.ID, []roles.Role{{Scope: roles.Account, RoleName: roles.Member}})
+	err = groupsAPI.AssignRoles(ctx, group.ID, []roles.Role{{Scope: AccountScope, RoleName: Member}})
 	if err != nil {
 		log.Fatal(err)
 	}
-	fmt.Printf("Step 3: Assigned Role %s with scope %s to Group ID: %s\n", roles.Member, roles.Account, group.ID)
+	fmt.Printf("Step 3: Assigned Role %s with scope %s to Group ID: %s\n", Member, AccountScope, group.ID)
 
 	updatedGroup, err := groupsAPI.Update(ctx, group.ID, groups.UpdateRequest{Name: updatedGroupName,
 		Description: &updatedDescription})

examples/serviceuser-create-update-delete/main.go

@@ -9,6 +9,14 @@ import (
 	"github.com/selectel/iam-go/service/serviceusers"
 )
 
+const (
+	// Billing administrator.
+	Billing string = "billing"
+
+	// Account scope.
+	AccountScope string = "account"
+)
+
 var (
 	// KeystoneToken
 	token          = "gAAAAA..."
@@ -44,7 +52,7 @@ func main() {
 		Enabled:  true,
 		Name:     name,
 		Password: password,
-		Roles:    []roles.Role{{Scope: roles.Account, RoleName: roles.Billing}},
+		Roles:    []roles.Role{{Scope: AccountScope, RoleName: Billing}},
 	})
 	if err != nil {
 		fmt.Println(err)

examples/transfer-role/main.go

@@ -9,6 +9,14 @@ import (
 	"github.com/selectel/iam-go/service/users"
 )
 
+const (
+	// Billing administrator.
+	Billing string = "billing"
+
+	// Account scope.
+	AccountScope string = "account"
+)
+
 func main() {
 	// KeystoneToken
 	token := "gAAAAA..."
@@ -46,7 +54,7 @@ func main() {
 	var chosenUser *users.User
 	for _, user := range allUsers.Users {
 		for _, role := range user.Roles {
-			if role.RoleName == roles.Billing && user.ID != "account_root" {
+			if role.RoleName == Billing && user.ID != "account_root" {
 				chosenUser = &user
 				break
 			}
@@ -57,18 +65,18 @@ func main() {
 	}
 
 	if chosenUser == nil {
-		fmt.Println("No billing role was found")
+		fmt.Printf("No %s role was found\n", Billing)
 		return
 	}
 
 	// Step 1
-	fmt.Printf("Step 1: User %s with the Billing role was found\n", chosenUser.ID)
+	fmt.Printf("Step 1: User %s with the %s role was found\n", chosenUser.ID, Billing)
 
 	// Unassign the role.
 	err = usersAPI.UnassignRoles(
 		ctx,
 		chosenUser.ID,
-		[]roles.Role{{Scope: roles.Account, RoleName: roles.Billing}},
+		[]roles.Role{{Scope: AccountScope, RoleName: Billing}},
 	)
 
 	// Handle the error.
@@ -78,13 +86,13 @@ func main() {
 	}
 
 	// Step 2
-	fmt.Printf("Step 2: Unassigned the Billing role from User %s \n", chosenUser.ID)
+	fmt.Printf("Step 2: Unassigned the %s role from User %s \n", Billing, chosenUser.ID)
 
 	// Assign the role.
 	err = usersAPI.AssignRoles(
 		ctx,
 		userID,
-		[]roles.Role{{Scope: roles.Account, RoleName: roles.Billing}},
+		[]roles.Role{{Scope: AccountScope, RoleName: Billing}},
 	)
 
 	// Handle the error.
@@ -93,5 +101,5 @@ func main() {
 	}
 
 	// Step 3
-	fmt.Printf("Step 3: Assigned the Billing role to User %s \n", userID)
+	fmt.Printf("Step 3: Assigned the %s role to User %s \n", Billing, userID)
 }

examples/user-create-delete/main.go

@@ -9,6 +9,14 @@ import (
 	"github.com/selectel/iam-go/service/users"
 )
 
+const (
+	// Billing administrator.
+	Billing string = "billing"
+
+	// Account scope.
+	AccountScope string = "account"
+)
+
 var (
 	// KeystoneToken
 	token          = "gAAAAA..."
@@ -44,7 +52,7 @@ func main() {
 		AuthType:   users.Local,
 		Email:      email,
 		Federation: nil,
-		Roles:      []roles.Role{{Scope: roles.Account, RoleName: roles.Billing}},
+		Roles:      []roles.Role{{Scope: AccountScope, RoleName: Billing}},
 	})
 	// Handle the error.
 	if err != nil {

iam.go

@@ -9,6 +9,7 @@ import (
 	baseclient "github.com/selectel/iam-go/internal/client"
 	"github.com/selectel/iam-go/service/federations/saml"
 	"github.com/selectel/iam-go/service/groups"
+	"github.com/selectel/iam-go/service/roles"
 	"github.com/selectel/iam-go/service/s3credentials"
 	"github.com/selectel/iam-go/service/serviceusers"
 	"github.com/selectel/iam-go/service/users"
@@ -56,6 +57,9 @@ type Client struct {
 	// Groups instance is used to make requests against Selectel IAM API and manage Groups of users.
 	Groups *groups.Service
 
+	// Roles instance is used to make requests against Selectel IAM API and list available roles.
+	Roles *roles.Service
+
 	// S3Credentials instance is used to make requests against Selectel IAM API and manage S3 Credentials.
 	S3Credentials *s3credentials.Service
 
@@ -132,6 +136,7 @@ func New(opts ...Option) (*Client, error) {
 	c.Users = users.New(c.baseClient)
 	c.ServiceUsers = serviceusers.New(c.baseClient)
 	c.Groups = groups.New(c.baseClient)
+	c.Roles = roles.New(c.baseClient)
 	c.S3Credentials = s3credentials.New(c.baseClient)
 	c.SAMLFederations = saml.New(c.baseClient)
 

iam_test.go

@@ -12,6 +12,7 @@ import (
 	baseclient "github.com/selectel/iam-go/internal/client"
 	"github.com/selectel/iam-go/service/federations/saml"
 	"github.com/selectel/iam-go/service/groups"
+	"github.com/selectel/iam-go/service/roles"
 	"github.com/selectel/iam-go/service/s3credentials"
 	"github.com/selectel/iam-go/service/serviceusers"
 	"github.com/selectel/iam-go/service/users"
@@ -62,6 +63,7 @@ func TestNew(t *testing.T) {
 					Users:           users.New(baseClient),
 					ServiceUsers:    serviceusers.New(baseClient),
 					Groups:          groups.New(baseClient),
+					Roles:           roles.New(baseClient),
 					S3Credentials:   s3credentials.New(baseClient),
 					SAMLFederations: saml.New(baseClient),
 				}
@@ -105,6 +107,7 @@ func TestNew(t *testing.T) {
 					Users:           users.New(baseClient),
 					ServiceUsers:    serviceusers.New(baseClient),
 					Groups:          groups.New(baseClient),
+					Roles:           roles.New(baseClient),
 					S3Credentials:   s3credentials.New(baseClient),
 					SAMLFederations: saml.New(baseClient),
 				}
@@ -141,6 +144,7 @@ func TestNew(t *testing.T) {
 					Users:           users.New(baseClient),
 					ServiceUsers:    serviceusers.New(baseClient),
 					Groups:          groups.New(baseClient),
+					Roles:           roles.New(baseClient),
 					S3Credentials:   s3credentials.New(baseClient),
 					SAMLFederations: saml.New(baseClient),
 				}

service/groups/requests_test.go

@@ -17,6 +17,12 @@ import (
 )
 
 const (
+	// Account scope.
+	AccountScope string = "account"
+
+	// Account/Project member.
+	Member string = "member"
+
 	groupsURL   = "iam/v1/groups"
 	groupsIDURL = "iam/v1/groups/123"
 	rolesURL    = "iam/v1/groups/123/roles"
@@ -45,7 +51,7 @@ func TestList(t *testing.T) {
 					Name:        "test_name",
 					Description: "test_description",
 					Roles: []roles.Role{
-						{Scope: roles.Account, RoleName: roles.Member},
+						{Scope: AccountScope, RoleName: Member},
 					},
 				},
 			}},
@@ -120,7 +126,7 @@ func TestGet(t *testing.T) {
 					Name:        "test_name",
 					Description: "test_description",
 					Roles: []roles.Role{
-						{Scope: roles.Account, RoleName: roles.Member},
+						{Scope: AccountScope, RoleName: Member},
 					},
 				},
 				ServiceUsers: []ServiceUser{
@@ -432,7 +438,7 @@ func TestAssignRoles(t *testing.T) {
 			args: args{
 				groupID: "123",
 				roles: []roles.Role{
-					{Scope: roles.Account, RoleName: roles.Member},
+					{Scope: AccountScope, RoleName: Member},
 				},
 			},
 			prepare: func() {
@@ -449,7 +455,7 @@ func TestAssignRoles(t *testing.T) {
 			args: args{
 				groupID: "123",
 				roles: []roles.Role{
-					{Scope: roles.Account, RoleName: roles.Member},
+					{Scope: AccountScope, RoleName: Member},
 				},
 			},
 			prepare: func() {
@@ -502,7 +508,7 @@ func TestUnassignRoles(t *testing.T) {
 			args: args{
 				groupID: "123",
 				roles: []roles.Role{
-					{Scope: roles.Account, RoleName: roles.Member},
+					{Scope: AccountScope, RoleName: Member},
 				},
 			},
 			prepare: func() {
@@ -519,7 +525,7 @@ func TestUnassignRoles(t *testing.T) {
 			args: args{
 				groupID: "123",
 				roles: []roles.Role{
-					{Scope: roles.Account, RoleName: roles.Member},
+					{Scope: AccountScope, RoleName: Member},
 				},
 			},
 			prepare: func() {

service/roles/doc.go

@@ -0,0 +1,2 @@
+// Package roles provides a client for interacting with the Selectel Roles API.
+package roles

service/roles/requests.go

@@ -0,0 +1,49 @@
+package roles
+
+import (
+	"context"
+	"net/http"
+	"net/url"
+
+	"github.com/selectel/iam-go/iamerrors"
+	"github.com/selectel/iam-go/internal/client"
+)
+
+const apiVersion = "iam/v1"
+
+// Service is used to communicate with the Roles API.
+type Service struct {
+	baseClient *client.BaseClient
+}
+
+// New initialises Service with the given client.
+func New(baseClient *client.BaseClient) *Service {
+	return &Service{
+		baseClient: baseClient,
+	}
+}
+
+// List returns a list of roles available for assignment.
+func (s *Service) List(ctx context.Context) (*ListResponse, error) {
+	path, err := url.JoinPath(apiVersion, "roles")
+	if err != nil {
+		return nil, iamerrors.Error{Err: iamerrors.ErrInternalAppError, Desc: err.Error()}
+	}
+
+	response, err := s.baseClient.DoRequest(ctx, client.DoRequestInput{
+		Body:   nil,
+		Method: http.MethodGet,
+		Path:   path,
+	})
+	if err != nil {
+		//nolint:wrapcheck // DoRequest already wraps the error.
+		return nil, err
+	}
+
+	var roles ListResponse
+	err = client.UnmarshalJSON(response, &roles)
+	if err != nil {
+		return nil, iamerrors.Error{Err: iamerrors.ErrInternalAppError, Desc: err.Error()}
+	}
+	return &roles, nil
+}