fakeサーバ実装: PermissionKey (#19)

apis/v1/example_test.go

@@ -262,3 +262,84 @@ func Example_permissions() {
 	// output:
 	// foobar
 }
+
+// Example_permissionKeys パーミッションのキー操作の例
+func Example_permissionKeys() {
+	token := os.Getenv("SAKURACLOUD_ACCESS_TOKEN")
+	secret := os.Getenv("SAKURACLOUD_ACCESS_TOKEN_SECRET")
+
+	client, err := v1.NewClientWithResponses(serverURL, func(c *v1.Client) error {
+		c.RequestEditors = []v1.RequestEditorFn{
+			v1.OjsAuthInterceptor(token, secret),
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	// サイトIDが必要になるためまずサイト一覧を取得
+	sitesResp, err := client.ListClustersWithResponse(context.Background())
+	if err != nil {
+		panic(err)
+	}
+
+	sites, err := sitesResp.Result()
+	if err != nil {
+		panic(err)
+	}
+	siteId := sites.Data[0].Id
+
+	// パーミッション作成
+	permissionResp, err := client.CreatePermissionWithResponse(context.Background(), siteId, v1.CreatePermissionJSONRequestBody{
+		BucketControls: v1.BucketControls{
+			{
+				BucketName: "bucket1",
+				CanRead:    true,
+				CanWrite:   true,
+			},
+		},
+		DisplayName: "foobar",
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	permission, err := permissionResp.Result()
+	if err != nil {
+		panic(err)
+	}
+
+	// パーミッションのキーを作成
+	keyResp, err := client.CreatePermissionAccessKeyWithResponse(context.Background(), siteId, permission.Data.Id)
+	if err != nil {
+		panic(err)
+	}
+
+	key, err := keyResp.Result()
+	if err != nil {
+		panic(err)
+	}
+
+	defer func() {
+		keyDeleteResp, err := client.DeletePermissionAccessKeyWithResponse(context.Background(), siteId, permission.Data.Id, key.Data.Id)
+		if err != nil {
+			panic(err)
+		}
+		if err := keyDeleteResp.Result(); err != nil {
+			panic(err)
+		}
+
+		permDeleteResp, err := client.DeletePermissionWithResponse(context.Background(), siteId, permission.Data.Id)
+		if err != nil {
+			panic(err)
+		}
+		if err := permDeleteResp.Result(); err != nil {
+			panic(err)
+		}
+	}()
+
+	fmt.Println(key.Data.Secret)
+	// output:
+	// secret
+}

apis/v1/spec/swagger.yaml

@@ -1162,7 +1162,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/PermissionKey'
+                $ref: '#/components/schemas/PermissionKeysResponseBody'
         '401':
           description: 認証に失敗しました
           content:
@@ -1214,7 +1214,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/PermissionKey'
+                $ref: '#/components/schemas/PermissionKeyResponseBody'
         '401':
           description: 認証に失敗しました
           content:
@@ -1279,7 +1279,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/PermissionKey'
+                $ref: '#/components/schemas/PermissionKeyResponseBody'
         '401':
           description: 認証に失敗しました
           content:
@@ -1486,6 +1486,26 @@ components:
       required:
         - data
 
+    # Note: PermissionKeyから分離
+    PermissionKeyResponseBody:
+      description: data type
+      type: object
+      properties:
+        data:
+          $ref: '#/components/schemas/PermissionKey'
+      required:
+        - data
+
+    # Note: PermissionKeyから分離
+    PermissionKeysResponseBody:
+      description: data type
+      type: object
+      properties:
+        data:
+          $ref: '#/components/schemas/PermissionKeys'
+      required:
+        - data
+
     # Note: model.Bucketからリネーム
     Bucket:
       type: object
@@ -1877,24 +1897,30 @@ components:
       required:
         - display_name
         - bucket_controls
+
+
+    # Note: PermissionKeyから分離
+    PermissionKeys:
+      description: Permission Keys
+      type: array
+      items:
+        $ref: '#/components/schemas/PermissionKey'
+
+    # Note: PermissionKey[s]ResponseBodyを切り出し
     PermissionKey:
       description: Permission Key
       type: object
       properties:
-        data:
-          description: data type
-          type: object
-          properties:
-            id:
-              $ref: '#/components/schemas/PermissionID'
-            secret:
-              $ref: '#/components/schemas/PermissionSecret'
-            created_at:
-              $ref: '#/components/schemas/CreatedAt'
-          required:
-            - id
-            - secret
-            - created_at
+        id:
+          $ref: '#/components/schemas/AccessKeyID'
+        secret:
+          $ref: '#/components/schemas/PermissionSecret'
+        created_at:
+          $ref: '#/components/schemas/CreatedAt'
+      required:
+        - id
+        - secret
+        - created_at
 
 #    Session:
 #      description: Session

apis/v1/stringer.go

@@ -90,3 +90,8 @@ func (v *SecretAccessKey) String() string {
 func (v PermissionID) String() string {
 	return fmt.Sprintf("%d", v)
 }
+
+// Int64 .
+func (v PermissionID) Int64() int64 {
+	return int64(v)
+}

fake/account_keys.go

@@ -24,39 +24,43 @@ import (
 
 // ListAccountAccessKeys サイトアカウントのアクセスキーの取得
 // (GET /{site_name}/v2/account/keys)
-func (engine *Engine) ListAccountAccessKeys(siteName string) ([]v1.AccountKey, error) {
+func (engine *Engine) ListAccountAccessKeys(siteId string) ([]v1.AccountKey, error) {
 	defer engine.rLock()()
 
-	if err := engine.siteAndAccountExist(siteName); err != nil {
+	if err := engine.siteAndAccountExist(siteId); err != nil {
 		return nil, err
 	}
 	return engine.accountKeys(), nil
 }
 
 // CreateAccountAccessKey サイトアカウントのアクセスキーの発行
 // (POST /{site_name}/v2/account/keys)
-func (engine *Engine) CreateAccountAccessKey(siteName string) (*v1.AccountKey, error) {
+func (engine *Engine) CreateAccountAccessKey(siteId string) (*v1.AccountKey, error) {
 	defer engine.lock()()
-	if err := engine.siteAndAccountExist(siteName); err != nil {
+	if err := engine.siteAndAccountExist(siteId); err != nil {
 		return nil, err
 	}
 
+	// Note: 本来はサイトに紐づくアカウントキーが存在する場合はエラーにすべきだが、
+	//       fakeではサイトごとにデータが分離されていないため未チェックとなっている。
+	//       サイトが実質1つなので問題はないと思われる。今後サイトが増えるようであれば実装を検討する。
+
 	key := &v1.AccountKey{
 		CreatedAt: v1.CreatedAt(time.Now()),
 		Id:        v1.AccessKeyID(fmt.Sprintf("%d", engine.nextId())),
 		Secret:    "secret", // fakeでは固定値を返す
 	}
 
 	engine.AccountKeys = append(engine.AccountKeys, key)
-	return key, nil
+	return engine.copyAccountKey(key)
 }
 
 // DeleteAccountAccessKey サイトアカウントのアクセスキーの削除
 // (DELETE /{site_name}/v2/account/keys/{id})
-func (engine *Engine) DeleteAccountAccessKey(siteName string, id string) error {
+func (engine *Engine) DeleteAccountAccessKey(siteId string, id string) error {
 	defer engine.lock()()
 
-	if err := engine.siteAndAccountExist(siteName); err != nil {
+	if err := engine.siteAndAccountExist(siteId); err != nil {
 		return err
 	}
 
@@ -77,16 +81,21 @@ func (engine *Engine) DeleteAccountAccessKey(siteName string, id string) error {
 
 // ReadAccountAccessKey サイトアカウントのアクセスキーの取得
 // (GET /{site_name}/v2/account/keys/{id})
-func (engine *Engine) ReadAccountAccessKey(siteName string, id string) (*v1.AccountKey, error) {
+func (engine *Engine) ReadAccountAccessKey(siteId string, id string) (*v1.AccountKey, error) {
 	defer engine.rLock()()
 
-	if err := engine.siteAndAccountExist(siteName); err != nil {
+	if err := engine.siteAndAccountExist(siteId); err != nil {
 		return nil, err
 	}
 
 	key := engine.getAccountKeyById(id)
 	if key != nil {
-		return engine.copyAccountKey(key)
+		k, err := engine.copyAccountKey(key)
+		if err != nil {
+			return nil, err
+		}
+		k.Secret = "" // 新規作成時のみ参照できる項目
+		return k, nil
 	}
 	return nil, NewError(ErrorTypeNotFound, "account_key", id, "アカウントキーが存在しません。id: %s", id)
 }
@@ -110,7 +119,6 @@ func (engine *Engine) copyAccountKey(source *v1.AccountKey) (*v1.AccountKey, err
 	if err := deepcopy.Copy(&key, source); err != nil {
 		return nil, err
 	}
-	key.Secret = "" // 新規作成時のみ参照できる項目
 	return &key, nil
 }