openstack
/
python-keystoneclient
Code Issues Proposed changes

Merge "re-work inference rule bindings"

This commit is contained in:
Jenkins 2016-12-21 14:24:54 +00:00 committed by Gerrit Code Review
parent d12de79636 0b00c0e7b1
commit 004450040c
5 changed files with 387 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
keystoneclient/tests/functional/v3/client_fixtures.py
View File

@ -114,8 +114,8 @@ class InferenceRule(Base):
self.ref = {'prior_role': self.prior_role,
'implied_role': self.implied_role}
self.entity = self.client.roles.create_implied(**self.ref)
self.addCleanup(self.client.roles.delete_implied, self.prior_role,
self.entity = self.client.inference_rules.create(**self.ref)
self.addCleanup(self.client.inference_rules.delete, self.prior_role,
self.implied_role)

5
keystoneclient/tests/functional/v3/test_implied_roles.py
View File

@ -48,11 +48,12 @@ class TestImpliedRoles(base.V3ClientTestCase):
super(TestImpliedRoles, self).setUp()
def test_implied_roles(self):
initial_rule_count = len(self.client.roles.list_role_inferences())
initial_rule_count = (
len(self.client.inference_rules.list_inference_roles()))
self.create_roles()
self.create_rules()
rule_count = len(self.client.roles.list_role_inferences())
rule_count = len(self.client.inference_rules.list_inference_roles())
self.assertEqual(initial_rule_count + len(inference_rules),
rule_count)

244
keystoneclient/tests/unit/v3/test_roles.py
View File

@ -599,70 +599,226 @@ class RoleTests(utils.ClientTestCase, utils.CrudTests):
group=group_id,
user=user_id)
def test_implied_role_check(self):
class DeprecatedImpliedRoleTests(utils.ClientTestCase):
def setUp(self):
super(DeprecatedImpliedRoleTests, self).setUp()
self.key = 'role'
self.collection_key = 'roles'
self.model = roles.Role
self.manager = self.client.roles
def test_implied_create(self):
prior_id = uuid.uuid4().hex
prior_name = uuid.uuid4().hex
implied_id = uuid.uuid4().hex
implied_name = uuid.uuid4().hex
mock_response = {
"role_inference": {
"implies": {
"id": implied_id,
"links": {"self": "http://host/v3/roles/%s" % implied_id},
"name": implied_name
},
"prior_role": {
"id": prior_id,
"links": {"self": "http://host/v3/roles/%s" % prior_id},
"name": prior_name
}
}
}
self.stub_url('PUT',
['roles', prior_id, 'implies', implied_id],
json=mock_response,
status_code=201)
with self.deprecations.expect_deprecations_here():
manager_result = self.manager.create_implied(prior_id, implied_id)
self.assertIsInstance(manager_result, roles.InferenceRule)
self.assertEqual(mock_response['role_inference']['implies'],
manager_result.implies)
self.assertEqual(mock_response['role_inference']['prior_role'],
manager_result.prior_role)
class ImpliedRoleTests(utils.ClientTestCase, utils.CrudTests):
def setUp(self):
super(ImpliedRoleTests, self).setUp()
self.key = 'role_inference'
self.collection_key = 'role_inferences'
self.model = roles.InferenceRule
self.manager = self.client.inference_rules
def test_check(self):
prior_role_id = uuid.uuid4().hex
implied_role_id = uuid.uuid4().hex
self.stub_url('HEAD',
['roles', prior_role_id, 'implies', implied_role_id],
status_code=200)
self.manager.check_implied(prior_role_id, implied_role_id)
result = self.manager.check(prior_role_id, implied_role_id)
self.assertTrue(result)
def test_implied_role_get(self):
prior_role_id = uuid.uuid4().hex
implied_role_id = uuid.uuid4().hex
self.stub_url('GET',
['roles', prior_role_id, 'implies', implied_role_id],
json={'role': {}},
status_code=204)
def test_get(self):
prior_id = uuid.uuid4().hex
prior_name = uuid.uuid4().hex
implied_id = uuid.uuid4().hex
implied_name = uuid.uuid4().hex
self.manager.get_implied(prior_role_id, implied_role_id)
def test_implied_role_create(self):
prior_role_id = uuid.uuid4().hex
implied_role_id = uuid.uuid4().hex
test_json = {
mock_response = {
"role_inference": {
"prior_role": {
"id": prior_role_id,
"links": {},
"name": "prior role name"
},
"implies": {
"id": implied_role_id,
"links": {},
"name": "implied role name"
"id": implied_id,
"links": {"self": "http://host/v3/roles/%s" % implied_id},
"name": implied_name
},
"prior_role": {
"id": prior_id,
"links": {"self": "http://host/v3/roles/%s" % prior_id},
"name": prior_name
}
},
"links": {}
}
}
self.stub_url('GET',
['roles', prior_id, 'implies', implied_id],
json=mock_response,
status_code=200)
manager_result = self.manager.get(prior_id, implied_id)
self.assertIsInstance(manager_result, roles.InferenceRule)
self.assertEqual(mock_response['role_inference']['implies'],
manager_result.implies)
self.assertEqual(mock_response['role_inference']['prior_role'],
manager_result.prior_role)
def test_create(self):
prior_id = uuid.uuid4().hex
prior_name = uuid.uuid4().hex
implied_id = uuid.uuid4().hex
implied_name = uuid.uuid4().hex
mock_response = {
"role_inference": {
"implies": {
"id": implied_id,
"links": {"self": "http://host/v3/roles/%s" % implied_id},
"name": implied_name
},
"prior_role": {
"id": prior_id,
"links": {"self": "http://host/v3/roles/%s" % prior_id},
"name": prior_name
}
}
}
self.stub_url('PUT',
['roles', prior_role_id, 'implies', implied_role_id],
json=test_json,
status_code=200)
['roles', prior_id, 'implies', implied_id],
json=mock_response,
status_code=201)
returned_rule = self.manager.create_implied(
prior_role_id, implied_role_id)
manager_result = self.manager.create(prior_id, implied_id)
self.assertEqual(test_json['role_inference']['implies'],
returned_rule.implies)
self.assertEqual(test_json['role_inference']['prior_role'],
returned_rule.prior_role)
self.assertIsInstance(manager_result, roles.InferenceRule)
self.assertEqual(mock_response['role_inference']['implies'],
manager_result.implies)
self.assertEqual(mock_response['role_inference']['prior_role'],
manager_result.prior_role)
def test_implied_role_delete(self):
def test_delete(self):
prior_role_id = uuid.uuid4().hex
implied_role_id = uuid.uuid4().hex
self.stub_url('DELETE',
['roles', prior_role_id, 'implies', implied_role_id],
status_code=200)
self.manager.delete_implied(prior_role_id, implied_role_id)
def test_list_role_inferences(self, **kwargs):
self.stub_url('GET',
['role_inferences', ''],
json={'role_inferences': {}},
status_code=204)
self.manager.list_role_inferences()
status, body = self.manager.delete(prior_role_id, implied_role_id)
self.assertEqual(204, status.status_code)
self.assertIsNone(body)
def test_list_role_inferences(self):
prior_id = uuid.uuid4().hex
prior_name = uuid.uuid4().hex
implied_id = uuid.uuid4().hex
implied_name = uuid.uuid4().hex
mock_response = {
"role_inferences": [{
"implies": [{
"id": implied_id,
"links": {"self": "http://host/v3/roles/%s" % implied_id},
"name": implied_name
}],
"prior_role": {
"id": prior_id,
"links": {"self": "http://host/v3/roles/%s" % prior_id},
"name": prior_name
}
}]
}
self.stub_url('GET',
['role_inferences'],
json=mock_response,
status_code=200)
manager_result = self.manager.list_inference_roles()
self.assertEqual(1, len(manager_result))
self.assertIsInstance(manager_result[0], roles.InferenceRule)
self.assertEqual(mock_response['role_inferences'][0]['implies'],
manager_result[0].implies)
self.assertEqual(mock_response['role_inferences'][0]['prior_role'],
manager_result[0].prior_role)
def test_list(self):
prior_id = uuid.uuid4().hex
prior_name = uuid.uuid4().hex
implied_id = uuid.uuid4().hex
implied_name = uuid.uuid4().hex
mock_response = {
"role_inference": {
"implies": [{
"id": implied_id,
"links": {"self": "http://host/v3/roles/%s" % implied_id},
"name": implied_name
}],
"prior_role": {
"id": prior_id,
"links": {"self": "http://host/v3/roles/%s" % prior_id},
"name": prior_name
}
},
"links": {"self": "http://host/v3/roles/%s/implies" % prior_id}
}
self.stub_url('GET',
['roles', prior_id, 'implies'],
json=mock_response,
status_code=200)
manager_result = self.manager.list(prior_id)
self.assertIsInstance(manager_result, roles.InferenceRule)
self.assertEqual(1, len(manager_result.implies))
self.assertEqual(mock_response['role_inference']['implies'],
manager_result.implies)
self.assertEqual(mock_response['role_inference']['prior_role'],
manager_result.prior_role)
def test_update(self):
# Update not supported for rule inferences
self.assertRaises(exceptions.MethodNotImplemented, self.manager.update)
def test_find(self):
# Find not supported for rule inferences
self.assertRaises(exceptions.MethodNotImplemented, self.manager.find)
def test_put(self):
# Put not supported for rule inferences
self.assertRaises(exceptions.MethodNotImplemented, self.manager.put)
def test_list_params(self):
# Put not supported for rule inferences
self.skipTest("list params not supported by rule inferences")

1
keystoneclient/v3/client.py
View File

@ -225,6 +225,7 @@ class Client(httpclient.HTTPClient):
self.role_assignments = (
role_assignments.RoleAssignmentManager(self._adapter))
self.roles = roles.RoleManager(self._adapter)
self.inference_rules = roles.InferenceRuleManager(self._adapter)
self.services = services.ServiceManager(self._adapter)
self.simple_cert = simple_cert.SimpleCertManager(self._adapter)
self.tokens = tokens.TokenManager(self._adapter)

268
keystoneclient/v3/roles.py
View File

@ -14,6 +14,7 @@
# License for the specific language governing permissions and limitations
# under the License.
from debtcollector import removals
from positional import positional
from keystoneclient import base
@ -35,7 +36,7 @@ class Role(base.Resource):
class InferenceRule(base.Resource):
"""Represents an Rule that states one ROle implies another.
"""Represents a rule that states one role implies another.
Attributes:
* prior_role: this role implies the other
@ -52,6 +53,7 @@ class RoleManager(base.CrudManager):
resource_class = Role
collection_key = 'roles'
key = 'role'
deprecation_msg = 'keystoneclient.v3.roles.InferenceRuleManager'
def _role_grants_base_url(self, user, group, domain, project,
use_inherit_extension):
@ -118,92 +120,6 @@ class RoleManager(base.CrudManager):
domain_id=domain_id,
**kwargs)
def _implied_role_url_tail(self, prior_role, implied_role):
base_url = ('/%(prior_role_id)s/implies/%(implied_role_id)s' %
{'prior_role_id': base.getid(prior_role),
'implied_role_id': base.getid(implied_role)})
return base_url
def create_implied(self, prior_role, implied_role, **kwargs):
"""Create an inference rule.
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param kwargs: any other attribute provided will be passed to the
server.
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
resp, body = self.client.put("/roles" + url_tail, **kwargs)
return self.resource_class(self, body['role_inference'])
def delete_implied(self, prior_role, implied_role, **kwargs):
"""Delete an inference rule.
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param kwargs: any other attribute provided will be passed to the
server.
:returns: Response object with 204 status.
:rtype: :class:`requests.models.Response`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
return super(RoleManager, self).delete(tail=url_tail, **kwargs)
def get_implied(self, prior_role, implied_role, **kwargs):
"""Retrieve an inference rule.
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param kwargs: any other attribute provided will be passed to the
server.
:returns: the specified role inference returned from server.
:rtype: :class:`keystoneclient.v3.roles.InferenceRule`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
return super(RoleManager, self).get(tail=url_tail, **kwargs)
def check_implied(self, prior_role, implied_role, **kwargs):
"""Check if an inference rule exists.
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param kwargs: any other attribute provided will be passed to the
server.
:returns: response object with 200 status returned from server.
:rtype: :class:`requests.models.Response`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
return super(RoleManager, self).head(tail=url_tail, **kwargs)
def list_role_inferences(self, **kwargs):
"""List role inferences.
:param kwargs: attributes provided will be passed to the server.
:returns: a list of roles inferences.
:rtype: list of :class:`keystoneclient.v3.roles.InferenceRule`
"""
resp, body = self.client.get('/role_inferences/', **kwargs)
obj_class = InferenceRule
return [obj_class(self, res, loaded=True)
for res in body['role_inferences']]
def get(self, role):
"""Retrieve a role.
@ -440,3 +356,181 @@ class RoleManager(base.CrudManager):
role_id=base.getid(role),
os_inherit_extension_inherited=os_inherit_extension_inherited,
**kwargs)
@removals.remove(message='Use %s.create instead.' % deprecation_msg,
version='3.9.0', removal_version='4.0.0')
def create_implied(self, prior_role, implied_role, **kwargs):
return InferenceRuleManager(self.client).create(prior_role,
implied_role)
@removals.remove(message='Use %s.delete instead.' % deprecation_msg,
version='3.9.0', removal_version='4.0.0')
def delete_implied(self, prior_role, implied_role, **kwargs):
return InferenceRuleManager(self.client).delete(prior_role,
implied_role)
@removals.remove(message='Use %s.get instead.' % deprecation_msg,
version='3.9.0', removal_version='4.0.0')
def get_implied(self, prior_role, implied_role, **kwargs):
return InferenceRuleManager(self.client).get(prior_role,
implied_role)
@removals.remove(message='Use %s.check instead.' % deprecation_msg,
version='3.9.0', removal_version='4.0.0')
def check_implied(self, prior_role, implied_role, **kwargs):
return InferenceRuleManager(self.client).check(prior_role,
implied_role)
@removals.remove(message='Use %s.list_inference_roles' % deprecation_msg,
version='3.9.0', removal_version='4.0.0')
def list_role_inferences(self, **kwargs):
return InferenceRuleManager(self.client).list_inference_roles()
class InferenceRuleManager(base.CrudManager):
"""Manager class for manipulating Identity inference rules."""
resource_class = InferenceRule
collection_key = 'role_inferences'
key = 'role_inference'
def _implied_role_url_tail(self, prior_role, implied_role):
base_url = ('/%(prior_role_id)s/implies/%(implied_role_id)s' %
{'prior_role_id': base.getid(prior_role),
'implied_role_id': base.getid(implied_role)})
return base_url
def create(self, prior_role, implied_role):
"""Create an inference rule.
An inference rule is comprised of two roles, a prior role and an
implied role. The prior role will imply the implied role.
Valid HTTP return codes:
* 201: Resource is created successfully
* 404: A role cannot be found
* 409: The inference rule already exists
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:returns: a newly created role inference returned from server.
:rtype: :class:`keystoneclient.v3.roles.InferenceRule`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
_resp, body = self.client.put("/roles" + url_tail)
return self.resource_class(self, body['role_inference'])
def delete(self, prior_role, implied_role):
"""Delete an inference rule.
When deleting an inference rule, both roles are required. Note that
neither role is deleted, only the inference relationship is dissolved.
Valid HTTP return codes:
* 204: Delete request is accepted
* 404: A role cannot be found
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:returns: Response object with 204 status.
:rtype: :class:`requests.models.Response`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
return self.client.delete("/roles" + url_tail)
def get(self, prior_role, implied_role):
"""Retrieve an inference rule.
Valid HTTP return codes:
* 200: Inference rule is returned
* 404: A role cannot be found
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:returns: the specified role inference returned from server.
:rtype: :class:`keystoneclient.v3.roles.InferenceRule`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
_resp, body = self.client.get("/roles" + url_tail)
return self.resource_class(self, body['role_inference'])
def list(self, prior_role):
"""List all roles that a role may imply.
Valid HTTP return codes:
* 200: List of inference rules are returned
* 404: A role cannot be found
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:returns: the specified role inference returned from server.
:rtype: :class:`keystoneclient.v3.roles.InferenceRule`
"""
url_tail = ('/%s/implies' % base.getid(prior_role))
_resp, body = self.client.get("/roles" + url_tail)
return self.resource_class(self, body['role_inference'])
def check(self, prior_role, implied_role):
"""Check if an inference rule exists.
Valid HTTP return codes:
* 204: The rule inference exists
* 404: A role cannot be found
:param prior_role: the role which implies ``implied_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:param implied_role: the role which is implied by ``prior_role``.
:type role: str or :class:`keystoneclient.v3.roles.Role`
:returns: response object with 204 status returned from server.
:rtype: :class:`requests.models.Response`
"""
url_tail = self._implied_role_url_tail(prior_role, implied_role)
return self.client.head("/roles" + url_tail)
def list_inference_roles(self):
"""List all rule inferences.
Valid HTTP return codes:
* 200: All inference rules are returned
:param kwargs: attributes provided will be passed to the server.
:returns: a list of inference rules.
:rtype: list of :class:`keystoneclient.v3.roles.InferenceRule`
"""
return super(InferenceRuleManager, self).list()
def update(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Update not supported for rule inferences'))
def find(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Find not supported for rule inferences'))
def put(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Put not supported for rule inferences'))