re-work inference rule bindings

- At least one API was not implemented (list_implied_roles)
- the tests were lacking assertions and proper mocked responses
- some of the functionality just didn't work (see bug)
- returning Role objects instead of InferenceRule objects

Related commits:
 - I80a40e88b571fe9b0eca3af8b705ea79f28eb904
 - I66e863fb83f8dfcca2c48116d4377df060f402c3

Closes-Bug: 1647934
Change-Id: I7b449a93d7d4d3eb9ca857f6c1f78f884bad2534

keystoneclient/tests/functional/v3/client_fixtures.py

@@ -114,8 +114,8 @@ class InferenceRule(Base):
 
         self.ref = {'prior_role': self.prior_role,
                     'implied_role': self.implied_role}
-        self.entity = self.client.roles.create_implied(**self.ref)
+        self.entity = self.client.inference_rules.create(**self.ref)
-        self.addCleanup(self.client.roles.delete_implied, self.prior_role,
+        self.addCleanup(self.client.inference_rules.delete, self.prior_role,
                         self.implied_role)
 
 

keystoneclient/tests/functional/v3/test_implied_roles.py

@@ -48,11 +48,12 @@ class TestImpliedRoles(base.V3ClientTestCase):
         super(TestImpliedRoles, self).setUp()
 
     def test_implied_roles(self):
-        initial_rule_count = len(self.client.roles.list_role_inferences())
+        initial_rule_count = (
+            len(self.client.inference_rules.list_inference_roles()))
 
         self.create_roles()
         self.create_rules()
-        rule_count = len(self.client.roles.list_role_inferences())
+        rule_count = len(self.client.inference_rules.list_inference_roles())
         self.assertEqual(initial_rule_count + len(inference_rules),
                          rule_count)
 

keystoneclient/tests/unit/v3/test_roles.py

@@ -599,70 +599,226 @@ class RoleTests(utils.ClientTestCase, utils.CrudTests):
             group=group_id,
             user=user_id)
 
-    def test_implied_role_check(self):
+
+class DeprecatedImpliedRoleTests(utils.ClientTestCase):
+    def setUp(self):
+        super(DeprecatedImpliedRoleTests, self).setUp()
+        self.key = 'role'
+        self.collection_key = 'roles'
+        self.model = roles.Role
+        self.manager = self.client.roles
+
+    def test_implied_create(self):
+        prior_id = uuid.uuid4().hex
+        prior_name = uuid.uuid4().hex
+        implied_id = uuid.uuid4().hex
+        implied_name = uuid.uuid4().hex
+
+        mock_response = {
+            "role_inference": {
+                "implies": {
+                    "id": implied_id,
+                    "links": {"self": "http://host/v3/roles/%s" % implied_id},
+                    "name": implied_name
+                },
+                "prior_role": {
+                    "id": prior_id,
+                    "links": {"self": "http://host/v3/roles/%s" % prior_id},
+                    "name": prior_name
+                }
+            }
+        }
+
+        self.stub_url('PUT',
+                      ['roles', prior_id, 'implies', implied_id],
+                      json=mock_response,
+                      status_code=201)
+
+        with self.deprecations.expect_deprecations_here():
+            manager_result = self.manager.create_implied(prior_id, implied_id)
+            self.assertIsInstance(manager_result, roles.InferenceRule)
+            self.assertEqual(mock_response['role_inference']['implies'],
+                             manager_result.implies)
+            self.assertEqual(mock_response['role_inference']['prior_role'],
+                             manager_result.prior_role)
+
+
+class ImpliedRoleTests(utils.ClientTestCase, utils.CrudTests):
+    def setUp(self):
+        super(ImpliedRoleTests, self).setUp()
+        self.key = 'role_inference'
+        self.collection_key = 'role_inferences'
+        self.model = roles.InferenceRule
+        self.manager = self.client.inference_rules
+
+    def test_check(self):
         prior_role_id = uuid.uuid4().hex
         implied_role_id = uuid.uuid4().hex
         self.stub_url('HEAD',
                       ['roles', prior_role_id, 'implies', implied_role_id],
                       status_code=200)
 
-        self.manager.check_implied(prior_role_id, implied_role_id)
+        result = self.manager.check(prior_role_id, implied_role_id)
+        self.assertTrue(result)
 
-    def test_implied_role_get(self):
+    def test_get(self):
-        prior_role_id = uuid.uuid4().hex
+        prior_id = uuid.uuid4().hex
-        implied_role_id = uuid.uuid4().hex
+        prior_name = uuid.uuid4().hex
-        self.stub_url('GET',
+        implied_id = uuid.uuid4().hex
-                      ['roles', prior_role_id, 'implies', implied_role_id],
+        implied_name = uuid.uuid4().hex
-                      json={'role': {}},
-                      status_code=204)
 
-        self.manager.get_implied(prior_role_id, implied_role_id)
+        mock_response = {
-
-    def test_implied_role_create(self):
-        prior_role_id = uuid.uuid4().hex
-        implied_role_id = uuid.uuid4().hex
-        test_json = {
             "role_inference": {
-                "prior_role": {
-                    "id": prior_role_id,
-                    "links": {},
-                    "name": "prior role name"
-                },
                 "implies": {
-                    "id": implied_role_id,
+                    "id": implied_id,
-                    "links": {},
+                    "links": {"self": "http://host/v3/roles/%s" % implied_id},
-                    "name": "implied role name"
+                    "name": implied_name
+                },
+                "prior_role": {
+                    "id": prior_id,
+                    "links": {"self": "http://host/v3/roles/%s" % prior_id},
+                    "name": prior_name
                 }
-            },
+            }
-            "links": {}
+        }
+
+        self.stub_url('GET',
+                      ['roles', prior_id, 'implies', implied_id],
+                      json=mock_response,
+                      status_code=200)
+
+        manager_result = self.manager.get(prior_id, implied_id)
+        self.assertIsInstance(manager_result, roles.InferenceRule)
+        self.assertEqual(mock_response['role_inference']['implies'],
+                         manager_result.implies)
+        self.assertEqual(mock_response['role_inference']['prior_role'],
+                         manager_result.prior_role)
+
+    def test_create(self):
+        prior_id = uuid.uuid4().hex
+        prior_name = uuid.uuid4().hex
+        implied_id = uuid.uuid4().hex
+        implied_name = uuid.uuid4().hex
+
+        mock_response = {
+            "role_inference": {
+                "implies": {
+                    "id": implied_id,
+                    "links": {"self": "http://host/v3/roles/%s" % implied_id},
+                    "name": implied_name
+                },
+                "prior_role": {
+                    "id": prior_id,
+                    "links": {"self": "http://host/v3/roles/%s" % prior_id},
+                    "name": prior_name
+                }
+            }
         }
 
         self.stub_url('PUT',
-                      ['roles', prior_role_id, 'implies', implied_role_id],
+                      ['roles', prior_id, 'implies', implied_id],
-                      json=test_json,
+                      json=mock_response,
-                      status_code=200)
+                      status_code=201)
 
-        returned_rule = self.manager.create_implied(
+        manager_result = self.manager.create(prior_id, implied_id)
-            prior_role_id, implied_role_id)
 
-        self.assertEqual(test_json['role_inference']['implies'],
+        self.assertIsInstance(manager_result, roles.InferenceRule)
-                         returned_rule.implies)
+        self.assertEqual(mock_response['role_inference']['implies'],
-        self.assertEqual(test_json['role_inference']['prior_role'],
+                         manager_result.implies)
-                         returned_rule.prior_role)
+        self.assertEqual(mock_response['role_inference']['prior_role'],
+                         manager_result.prior_role)
 
-    def test_implied_role_delete(self):
+    def test_delete(self):
         prior_role_id = uuid.uuid4().hex
         implied_role_id = uuid.uuid4().hex
         self.stub_url('DELETE',
                       ['roles', prior_role_id, 'implies', implied_role_id],
-                      status_code=200)
-
-        self.manager.delete_implied(prior_role_id, implied_role_id)
-
-    def test_list_role_inferences(self, **kwargs):
-        self.stub_url('GET',
-                      ['role_inferences', ''],
-                      json={'role_inferences': {}},
                       status_code=204)
 
-        self.manager.list_role_inferences()
+        status, body = self.manager.delete(prior_role_id, implied_role_id)
+        self.assertEqual(204, status.status_code)
+        self.assertIsNone(body)
+
+    def test_list_role_inferences(self):
+        prior_id = uuid.uuid4().hex
+        prior_name = uuid.uuid4().hex
+        implied_id = uuid.uuid4().hex
+        implied_name = uuid.uuid4().hex
+
+        mock_response = {
+            "role_inferences": [{
+                "implies": [{
+                    "id": implied_id,
+                    "links": {"self": "http://host/v3/roles/%s" % implied_id},
+                    "name": implied_name
+                }],
+                "prior_role": {
+                    "id": prior_id,
+                    "links": {"self": "http://host/v3/roles/%s" % prior_id},
+                    "name": prior_name
+                }
+            }]
+        }
+
+        self.stub_url('GET',
+                      ['role_inferences'],
+                      json=mock_response,
+                      status_code=200)
+        manager_result = self.manager.list_inference_roles()
+        self.assertEqual(1, len(manager_result))
+        self.assertIsInstance(manager_result[0], roles.InferenceRule)
+        self.assertEqual(mock_response['role_inferences'][0]['implies'],
+                         manager_result[0].implies)
+        self.assertEqual(mock_response['role_inferences'][0]['prior_role'],
+                         manager_result[0].prior_role)
+
+    def test_list(self):
+        prior_id = uuid.uuid4().hex
+        prior_name = uuid.uuid4().hex
+        implied_id = uuid.uuid4().hex
+        implied_name = uuid.uuid4().hex
+
+        mock_response = {
+            "role_inference": {
+                "implies": [{
+                    "id": implied_id,
+                    "links": {"self": "http://host/v3/roles/%s" % implied_id},
+                    "name": implied_name
+                }],
+                "prior_role": {
+                    "id": prior_id,
+                    "links": {"self": "http://host/v3/roles/%s" % prior_id},
+                    "name": prior_name
+                }
+            },
+            "links": {"self": "http://host/v3/roles/%s/implies" % prior_id}
+        }
+
+        self.stub_url('GET',
+                      ['roles', prior_id, 'implies'],
+                      json=mock_response,
+                      status_code=200)
+
+        manager_result = self.manager.list(prior_id)
+        self.assertIsInstance(manager_result, roles.InferenceRule)
+        self.assertEqual(1, len(manager_result.implies))
+        self.assertEqual(mock_response['role_inference']['implies'],
+                         manager_result.implies)
+        self.assertEqual(mock_response['role_inference']['prior_role'],
+                         manager_result.prior_role)
+
+    def test_update(self):
+        # Update not supported for rule inferences
+        self.assertRaises(exceptions.MethodNotImplemented, self.manager.update)
+
+    def test_find(self):
+        # Find not supported for rule inferences
+        self.assertRaises(exceptions.MethodNotImplemented, self.manager.find)
+
+    def test_put(self):
+        # Put not supported for rule inferences
+        self.assertRaises(exceptions.MethodNotImplemented, self.manager.put)
+
+    def test_list_params(self):
+        # Put not supported for rule inferences
+        self.skipTest("list params not supported by rule inferences")

keystoneclient/v3/client.py

@@ -225,6 +225,7 @@ class Client(httpclient.HTTPClient):
         self.role_assignments = (
             role_assignments.RoleAssignmentManager(self._adapter))
         self.roles = roles.RoleManager(self._adapter)
+        self.inference_rules = roles.InferenceRuleManager(self._adapter)
         self.services = services.ServiceManager(self._adapter)
         self.simple_cert = simple_cert.SimpleCertManager(self._adapter)
         self.tokens = tokens.TokenManager(self._adapter)

keystoneclient/v3/roles.py

@@ -14,6 +14,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from debtcollector import removals
 from positional import positional
 
 from keystoneclient import base
@@ -35,7 +36,7 @@ class Role(base.Resource):
 
 
 class InferenceRule(base.Resource):
-    """Represents an Rule that states one ROle implies another.
+    """Represents a rule that states one role implies another.
 
     Attributes:
         * prior_role: this role implies the other
@@ -52,6 +53,7 @@ class RoleManager(base.CrudManager):
     resource_class = Role
     collection_key = 'roles'
     key = 'role'
+    deprecation_msg = 'keystoneclient.v3.roles.InferenceRuleManager'
 
     def _role_grants_base_url(self, user, group, domain, project,
                               use_inherit_extension):
@@ -118,92 +120,6 @@ class RoleManager(base.CrudManager):
             domain_id=domain_id,
             **kwargs)
 
-    def _implied_role_url_tail(self, prior_role, implied_role):
-        base_url = ('/%(prior_role_id)s/implies/%(implied_role_id)s' %
-                    {'prior_role_id': base.getid(prior_role),
-                     'implied_role_id': base.getid(implied_role)})
-        return base_url
-
-    def create_implied(self, prior_role, implied_role, **kwargs):
-        """Create an inference rule.
-
-        :param prior_role: the role which implies ``implied_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param implied_role: the role which is implied by ``prior_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param kwargs: any other attribute provided will be passed to the
-                       server.
-
-        """
-        url_tail = self._implied_role_url_tail(prior_role, implied_role)
-        resp, body = self.client.put("/roles" + url_tail, **kwargs)
-        return self.resource_class(self, body['role_inference'])
-
-    def delete_implied(self, prior_role, implied_role, **kwargs):
-        """Delete an inference rule.
-
-        :param prior_role: the role which implies ``implied_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param implied_role: the role which is implied by ``prior_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param kwargs: any other attribute provided will be passed to the
-                       server.
-
-        :returns: Response object with 204 status.
-        :rtype: :class:`requests.models.Response`
-
-        """
-        url_tail = self._implied_role_url_tail(prior_role, implied_role)
-        return super(RoleManager, self).delete(tail=url_tail, **kwargs)
-
-    def get_implied(self, prior_role, implied_role, **kwargs):
-        """Retrieve an inference rule.
-
-        :param prior_role: the role which implies ``implied_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param implied_role: the role which is implied by ``prior_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param kwargs: any other attribute provided will be passed to the
-                       server.
-
-        :returns: the specified role inference returned from server.
-        :rtype: :class:`keystoneclient.v3.roles.InferenceRule`
-
-        """
-        url_tail = self._implied_role_url_tail(prior_role, implied_role)
-        return super(RoleManager, self).get(tail=url_tail, **kwargs)
-
-    def check_implied(self, prior_role, implied_role, **kwargs):
-        """Check if an inference rule exists.
-
-        :param prior_role: the role which implies ``implied_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param implied_role: the role which is implied by ``prior_role``.
-        :type role: str or :class:`keystoneclient.v3.roles.Role`
-        :param kwargs: any other attribute provided will be passed to the
-                       server.
-
-        :returns: response object with 200 status returned from server.
-        :rtype: :class:`requests.models.Response`
-
-        """
-        url_tail = self._implied_role_url_tail(prior_role, implied_role)
-        return super(RoleManager, self).head(tail=url_tail, **kwargs)
-
-    def list_role_inferences(self, **kwargs):
-        """List role inferences.
-
-        :param kwargs: attributes provided will be passed to the server.
-
-        :returns: a list of roles inferences.
-        :rtype: list of :class:`keystoneclient.v3.roles.InferenceRule`
-
-        """
-        resp, body = self.client.get('/role_inferences/', **kwargs)
-        obj_class = InferenceRule
-        return [obj_class(self, res, loaded=True)
-                for res in body['role_inferences']]
-
     def get(self, role):
         """Retrieve a role.
 
@@ -440,3 +356,181 @@ class RoleManager(base.CrudManager):
             role_id=base.getid(role),
             os_inherit_extension_inherited=os_inherit_extension_inherited,
             **kwargs)
+
+    @removals.remove(message='Use %s.create instead.' % deprecation_msg,
+                     version='3.9.0', removal_version='4.0.0')
+    def create_implied(self, prior_role, implied_role, **kwargs):
+        return InferenceRuleManager(self.client).create(prior_role,
+                                                        implied_role)
+
+    @removals.remove(message='Use %s.delete instead.' % deprecation_msg,
+                     version='3.9.0', removal_version='4.0.0')
+    def delete_implied(self, prior_role, implied_role, **kwargs):
+        return InferenceRuleManager(self.client).delete(prior_role,
+                                                        implied_role)
+
+    @removals.remove(message='Use %s.get instead.' % deprecation_msg,
+                     version='3.9.0', removal_version='4.0.0')
+    def get_implied(self, prior_role, implied_role, **kwargs):
+        return InferenceRuleManager(self.client).get(prior_role,
+                                                     implied_role)
+
+    @removals.remove(message='Use %s.check instead.' % deprecation_msg,
+                     version='3.9.0', removal_version='4.0.0')
+    def check_implied(self, prior_role, implied_role, **kwargs):
+        return InferenceRuleManager(self.client).check(prior_role,
+                                                       implied_role)
+
+    @removals.remove(message='Use %s.list_inference_roles' % deprecation_msg,
+                     version='3.9.0', removal_version='4.0.0')
+    def list_role_inferences(self, **kwargs):
+        return InferenceRuleManager(self.client).list_inference_roles()
+
+
+class InferenceRuleManager(base.CrudManager):
+    """Manager class for manipulating Identity inference rules."""
+
+    resource_class = InferenceRule
+    collection_key = 'role_inferences'
+    key = 'role_inference'
+
+    def _implied_role_url_tail(self, prior_role, implied_role):
+        base_url = ('/%(prior_role_id)s/implies/%(implied_role_id)s' %
+                    {'prior_role_id': base.getid(prior_role),
+                     'implied_role_id': base.getid(implied_role)})
+        return base_url
+
+    def create(self, prior_role, implied_role):
+        """Create an inference rule.
+
+        An inference rule is comprised of two roles, a prior role and an
+        implied role. The prior role will imply the implied role.
+
+        Valid HTTP return codes:
+
+            * 201: Resource is created successfully
+            * 404: A role cannot be found
+            * 409: The inference rule already exists
+
+        :param prior_role: the role which implies ``implied_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+        :param implied_role: the role which is implied by ``prior_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+
+        :returns: a newly created role inference returned from server.
+        :rtype: :class:`keystoneclient.v3.roles.InferenceRule`
+
+        """
+        url_tail = self._implied_role_url_tail(prior_role, implied_role)
+        _resp, body = self.client.put("/roles" + url_tail)
+        return self.resource_class(self, body['role_inference'])
+
+    def delete(self, prior_role, implied_role):
+        """Delete an inference rule.
+
+        When deleting an inference rule, both roles are required. Note that
+        neither role is deleted, only the inference relationship is dissolved.
+
+        Valid HTTP return codes:
+
+            * 204: Delete request is accepted
+            * 404: A role cannot be found
+
+        :param prior_role: the role which implies ``implied_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+        :param implied_role: the role which is implied by ``prior_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+
+        :returns: Response object with 204 status.
+        :rtype: :class:`requests.models.Response`
+
+        """
+        url_tail = self._implied_role_url_tail(prior_role, implied_role)
+        return self.client.delete("/roles" + url_tail)
+
+    def get(self, prior_role, implied_role):
+        """Retrieve an inference rule.
+
+        Valid HTTP return codes:
+
+            * 200: Inference rule is returned
+            * 404: A role cannot be found
+
+        :param prior_role: the role which implies ``implied_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+        :param implied_role: the role which is implied by ``prior_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+
+        :returns: the specified role inference returned from server.
+        :rtype: :class:`keystoneclient.v3.roles.InferenceRule`
+
+        """
+        url_tail = self._implied_role_url_tail(prior_role, implied_role)
+        _resp, body = self.client.get("/roles" + url_tail)
+        return self.resource_class(self, body['role_inference'])
+
+    def list(self, prior_role):
+        """List all roles that a role may imply.
+
+        Valid HTTP return codes:
+
+            * 200: List of inference rules are returned
+            * 404: A role cannot be found
+
+        :param prior_role: the role which implies ``implied_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+
+        :returns: the specified role inference returned from server.
+        :rtype: :class:`keystoneclient.v3.roles.InferenceRule`
+
+        """
+        url_tail = ('/%s/implies' % base.getid(prior_role))
+        _resp, body = self.client.get("/roles" + url_tail)
+        return self.resource_class(self, body['role_inference'])
+
+    def check(self, prior_role, implied_role):
+        """Check if an inference rule exists.
+
+        Valid HTTP return codes:
+
+            * 204: The rule inference exists
+            * 404: A role cannot be found
+
+        :param prior_role: the role which implies ``implied_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+        :param implied_role: the role which is implied by ``prior_role``.
+        :type role: str or :class:`keystoneclient.v3.roles.Role`
+
+        :returns: response object with 204 status returned from server.
+        :rtype: :class:`requests.models.Response`
+
+        """
+        url_tail = self._implied_role_url_tail(prior_role, implied_role)
+        return self.client.head("/roles" + url_tail)
+
+    def list_inference_roles(self):
+        """List all rule inferences.
+
+        Valid HTTP return codes:
+
+            * 200: All inference rules are returned
+
+        :param kwargs: attributes provided will be passed to the server.
+
+        :returns: a list of inference rules.
+        :rtype: list of :class:`keystoneclient.v3.roles.InferenceRule`
+
+        """
+        return super(InferenceRuleManager, self).list()
+
+    def update(self, **kwargs):
+        raise exceptions.MethodNotImplemented(
+            _('Update not supported for rule inferences'))
+
+    def find(self, **kwargs):
+        raise exceptions.MethodNotImplemented(
+            _('Find not supported for rule inferences'))
+
+    def put(self, **kwargs):
+        raise exceptions.MethodNotImplemented(
+            _('Put not supported for rule inferences'))