Support system scope in v3 auth

zhsj · zhsj · commit 468fea8d24e0 · 2020-03-27T13:09:27.000+08:00
https://docs.openstack.org/api-ref/identity/v3/?expanded=password-authentication-with-scoped-authorization-detail#system-scoped-example https://github.com/openstack/keystone/blob/f5c9b094af8442219e75265a87551873e058003b/keystone/auth/schema.py#L97-L102
diff --git a/auth_options.go b/auth_options.go
@@ -98,6 +98,7 @@ type AuthScope struct {
 	ProjectName string
 	DomainID    string
 	DomainName  string
+	System      bool
 }
 
 // ToTokenV2CreateMap allows AuthOptions to satisfy the AuthOptionsBuilder
@@ -364,6 +365,14 @@ func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error) {
 		}
 	}
 
+	if opts.Scope.System {
+		return map[string]interface{}{
+			"system": map[string]interface{}{
+				"all": true,
+			},
+		}, nil
+	}
+
 	if opts.Scope.ProjectName != "" {
 		// ProjectName provided: either DomainID or DomainName must also be supplied.
 		// ProjectID may not be supplied.
diff --git a/openstack/identity/v3/tokens/requests.go b/openstack/identity/v3/tokens/requests.go
@@ -8,6 +8,7 @@ type Scope struct {
 	ProjectName string
 	DomainID    string
 	DomainName  string
+	System      bool
 }
 
 // AuthOptionsBuilder provides the ability for extensions to add additional
diff --git a/openstack/identity/v3/tokens/testing/requests_test.go b/openstack/identity/v3/tokens/testing/requests_test.go
@@ -275,6 +275,31 @@ func TestCreateProjectNameAndDomainNameScope(t *testing.T) {
 	`)
 }
 
+func TestCreateSystemScope(t *testing.T) {
+	options := tokens.AuthOptions{UserID: "fenris", Password: "g0t0h311"}
+	scope := &tokens.Scope{System: true}
+	authTokenPost(t, options, scope, `
+		{
+			"auth": {
+				"identity": {
+					"methods": ["password"],
+					"password": {
+						"user": {
+							"id": "fenris",
+							"password": "g0t0h311"
+						}
+					}
+				},
+				"scope": {
+					"system": {
+						"all": true
+					}
+				}
+			}
+		}
+	`)
+}
+
 func TestCreateApplicationCredentialIDAndSecret(t *testing.T) {
 	authTokenPost(t, tokens.AuthOptions{ApplicationCredentialID: "12345abcdef", ApplicationCredentialSecret: "mysecret"}, nil, `
 		{

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ type Scope struct {`
`8`	`8`	`ProjectName string`
`9`	`9`	`DomainID string`
`10`	`10`	`DomainName string`
	`11`	`+ System bool`
`11`	`12`	`}`
`12`	`13`
`13`	`14`	`// AuthOptionsBuilder provides the ability for extensions to add additional`