Revert "Add manager for access rules config"

This reverts commit e1d31eda34.

In the Train PTG[1] we agreed to defer this feature until we had some
kind of traceability or discoverability for APIs and that this wasn't
feasible or useful until then.

This change was merged to master but never released, so I submit that
it is safe to revert.

[1] https://etherpad.openstack.org/p/keystone-train-ptg-application-credentials

Change-Id: I2cefe9363842101ac6b55947352b91fe9def7cc1

keystone/access_rules_config/__init__.py

@@ -1,15 +0,0 @@
-# Copyright 2019 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.access_rules_config.core import *  # noqa

keystone/access_rules_config/core.py

@@ -1,59 +0,0 @@
-# Copyright 2019 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""List access rules."""
-
-from keystone.common import cache
-from keystone.common import manager
-import keystone.conf
-
-
-CONF = keystone.conf.CONF
-MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
-
-
-class Manager(manager.Manager):
-
-    driver_namespace = 'keystone.access_rules_config'
-    _provides_api = 'access_rules_config_api'
-
-    def __init__(self):
-        super(Manager, self).__init__(CONF.access_rules_config.driver)
-
-    def list_access_rules_config(self, service=None):
-        """List access rules config.
-
-        :param str service: filter by service type
-
-        :returns: a list of configured access rules. Access rules are
-                  permission objects composing of a service, a URL path, and an
-                  HTTP method.
-
-        """
-        return self.driver.list_access_rules_config(service)
-
-    @MEMOIZE
-    def check_access_rule(self, service, request_path, request_method):
-        """Check access rule.
-
-        :param str service: service type of rule to check
-        :param str request_path: endpoint path to check
-        :param str request_method: API HTTP method to check
-
-        :returns: boolean indicating whether the rule matches one of the
-                  configured access rules
-
-        """
-        return self.driver.check_access_rule(service, request_path,
-                                             request_method)

keystone/server/backends.py

@@ -13,7 +13,6 @@ import sys
 
 from oslo_log import log
 
-from keystone import access_rules_config
 from keystone import application_credential
 from keystone import assignment
 from keystone import auth
@@ -49,8 +48,7 @@ def load_backends():
     cache.configure_cache(region=identity.ID_MAPPING_REGION)
     cache.configure_invalidation_region()
 
-    managers = [access_rules_config.Manager,
-                application_credential.Manager, assignment.Manager,
+    managers = [application_credential.Manager, assignment.Manager,
                 catalog.Manager, credential.Manager,
                 credential.provider.Manager, resource.DomainConfigManager,
                 endpoint_policy.Manager, federation.Manager,

keystone/tests/unit/access_rules_config/test_backends.py

@@ -1,45 +0,0 @@
-# Copyright 2019 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import provider_api
-from keystone.tests import unit
-from keystone.tests.unit.ksfixtures import access_rules_config
-
-PROVIDERS = provider_api.ProviderAPIs
-
-
-class AccessRulesConfigTest(unit.TestCase):
-
-    def setUp(self):
-        super(AccessRulesConfigTest, self).setUp()
-        rules_file = '%s/access_rules.json' % unit.TESTCONF
-        self.useFixture(access_rules_config.AccessRulesConfig(
-            self.config_fixture, rules_file=rules_file))
-        self.load_backends()
-
-    def test_list_access_rules_config(self):
-        rules = PROVIDERS.access_rules_config_api.list_access_rules_config()
-        self.assertIn('identity', rules)
-        self.assertIn('image', rules)
-
-    def test_list_access_rules_config_for_service(self):
-        rules = PROVIDERS.access_rules_config_api.list_access_rules_config(
-            service='image')
-        self.assertNotIn('identity', rules)
-        self.assertIn('image', rules)
-
-    def test_check_access_rule(self):
-        result = PROVIDERS.access_rules_config_api.check_access_rule(
-            'identity', '/v3/users', 'GET')
-        self.assertTrue(result)