feat(identity): add role inference list

openstack/identity/v3/roles/requests.go

@@ -405,3 +405,21 @@ func Unassign(client *gophercloud.ServiceClient, roleID string, opts UnassignOpt
 	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
 	return
 }
+
+// ListInferences lists all role inference rules.
+func ListInferences(client *gophercloud.ServiceClient) (r InferencesResult) {
+	resp, err := client.Get(listInferencesURL(client), &r.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{200},
+	})
+	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
+	return
+}
+
+// ListInferencesOnRole lists implied (inference) roles for role.
+func ListInferencesOnRole(client *gophercloud.ServiceClient, roleID string) (r InferenceResult) {
+	resp, err := client.Get(listInferencesOnRoleURL(client, roleID), &r.Body, &gophercloud.RequestOpts{
+		OkCodes: []int{200},
+	})
+	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
+	return
+}

openstack/identity/v3/roles/results.go

@@ -227,3 +227,34 @@ type AssignmentResult struct {
 type UnassignmentResult struct {
 	gophercloud.ErrResult
 }
+
+type RoleInference struct {
+	PriorRole Role   `json:"prior_role"`
+	Implies   []Role `json:"implies"`
+}
+
+type InferenceResult struct {
+	gophercloud.Result
+}
+
+// Extract interprets role inferences results as a slice of RoleInference.
+func (r InferenceResult) Extract() (RoleInference, error) {
+	var s struct {
+		RoleInference RoleInference `json:"role_inference"`
+	}
+	err := r.ExtractInto(&s)
+	return s.RoleInference, err
+}
+
+type InferencesResult struct {
+	gophercloud.Result
+}
+
+// Extract interprets role inferences results as a slice of RoleInference.
+func (r InferencesResult) Extract() ([]RoleInference, error) {
+	var s struct {
+		RoleInferences []RoleInference `json:"role_inferences"`
+	}
+	err := r.ExtractInto(&s)
+	return s.RoleInferences, err
+}

openstack/identity/v3/roles/testing/fixtures_test.go

@@ -210,6 +210,110 @@ const ListAssignmentsOnResourceOutput = `
 }
 `
 
+// ListInferencesOutput provides a result of ListInferences request.
+const ListInferencesOutput = `
+{
+    "role_inferences": [
+        {
+            "prior_role": {
+                "id": "1acd3c5aa0e246b9a7427d252160dcd1",
+                "name": "prior role1 name",
+                "description": "prior role1 description",
+                "links": {
+                    "self": "http://example.com/identity/v3/roles/1acd3c5aa0e246b9a7427d252160dcd1"
+                }
+            },
+            "implies": [
+                {
+                    "id": "3602510e2e1f499589f78a0724dcf614",
+                    "name": "implied role1 name",
+                    "description": "implied role1 description",
+                    "links": {
+                        "self": "http://example.com/identity/v3/roles/3602510e2e1f499589f78a0724dcf614"
+                    }
+                },
+                {
+                    "id": "738289aeef684e73a987f7cf2ec6d925",
+                    "name": "implied role2 name",
+                    "description": "implied role2 description",
+                    "links": {
+                        "self": "http://example.com/identity/v3/roles/738289aeef684e73a987f7cf2ec6d925"
+                    }
+                }
+            ]
+        },
+        {
+            "prior_role": {
+                "id": "bbf7a5098bb34407b7164eb6ff9f144e",
+                "name": "prior role2 name",
+                "description": "prior role2 description",
+                "links": {
+                    "self": "http://example.com/identity/v3/roles/bbf7a5098bb34407b7164eb6ff9f144e"
+                }
+            },
+            "implies": [
+                {
+                    "id": "872b20ad124c4c1bafaef2b1aae316ab",
+                    "name": "implied role1 name",
+                    "description": "implied role1 description",
+                    "links": {
+                        "self": "http://example.com/identity/v3/roles/872b20ad124c4c1bafaef2b1aae316ab"
+                    }
+                },
+                {
+                    "id": "1d865b1b2da14cb7b05254677e5f36a2",
+                    "name": "implied role2 name",
+                    "description": "implied role2 description",
+                    "links": {
+                        "self": "http://example.com/identity/v3/roles/1d865b1b2da14cb7b05254677e5f36a2"
+                    }
+                }
+            ]
+        }
+    ],
+    "links": {
+        "self": "http://example.com/identity/v3/role_inferences"
+    }
+}
+`
+
+// ListInferencesOnRoleOutput provides a result of ListInferencesOnRole request.
+const ListInferencesOnRoleOutput = `
+{
+    "role_inference": {
+        "prior_role": {
+            "id": "1acd3c5aa0e246b9a7427d252160dcd1",
+            "name": "prior role1 name",
+            "description": "prior role1 description",
+            "links": {
+                "self": "http://example.com/identity/v3/roles/1acd3c5aa0e246b9a7427d252160dcd1"
+            }
+        },
+        "implies": [
+            {
+                "id": "3602510e2e1f499589f78a0724dcf614",
+                "name": "implied role1 name",
+                "description": "implied role1 description",
+                "links": {
+                    "self": "http://example.com/identity/v3/roles/3602510e2e1f499589f78a0724dcf614"
+                }
+            },
+            {
+                "id": "738289aeef684e73a987f7cf2ec6d925",
+                "name": "implied role2 name",
+                "description": "implied role2 description",
+                "links": {
+                    "self": "http://example.com/identity/v3/roles/738289aeef684e73a987f7cf2ec6d925"
+                }
+            }
+        ]
+    },
+    "links": {
+        "self": "http://example.com/identity/v3/roles/42c764f0c19146728dbfe73a49cc35c3/implies"
+    }
+}
+`
+
 // FirstRole is the first role in the List request.
 var FirstRole = roles.Role{
 	DomainID: "default",
@@ -514,3 +618,130 @@ func HandleListAssignmentsOnResourceSuccessfully_DomainsGroups(t *testing.T) {
 
 	th.Mux.HandleFunc("/domains/{domain_id}/groups/{group_id}/roles", fn)
 }
+
+// FirstRoleInferencePriorRole is the first prior role in the ListInferences request.
+var FirstRoleInferencePriorRole = roles.Role{
+	ID:   "1acd3c5aa0e246b9a7427d252160dcd1",
+	Name: "prior role1 name",
+	Links: map[string]interface{}{
+		"self": "http://example.com/identity/v3/roles/1acd3c5aa0e246b9a7427d252160dcd1",
+	},
+	Extra: map[string]interface{}{
+		"description": "prior role1 description",
+	},
+}
+
+// FirstRoleInferenceImpliesRole1 is the first implied role of first prior role in the ListInferences request.
+var FirstRoleInferenceImpliesRole1 = roles.Role{
+	ID:   "3602510e2e1f499589f78a0724dcf614",
+	Name: "implied role1 name",
+	Links: map[string]interface{}{
+		"self": "http://example.com/identity/v3/roles/3602510e2e1f499589f78a0724dcf614",
+	},
+	Extra: map[string]interface{}{
+		"description": "implied role1 description",
+	},
+}
+
+// FirstRoleInferenceImpliesRole2 is the second implied role of first prior role in the ListInferences request.
+var FirstRoleInferenceImpliesRole2 = roles.Role{
+	ID:   "738289aeef684e73a987f7cf2ec6d925",
+	Name: "implied role2 name",
+	Links: map[string]interface{}{
+		"self": "http://example.com/identity/v3/roles/738289aeef684e73a987f7cf2ec6d925",
+	},
+	Extra: map[string]interface{}{
+		"description": "implied role2 description",
+	},
+}
+
+// SecondRoleInferencePriorRole is the second prior role in the ListInferences request.
+var SecondRoleInferencePriorRole = roles.Role{
+	ID:   "bbf7a5098bb34407b7164eb6ff9f144e",
+	Name: "prior role2 name",
+	Links: map[string]interface{}{
+		"self": "http://example.com/identity/v3/roles/bbf7a5098bb34407b7164eb6ff9f144e",
+	},
+	Extra: map[string]interface{}{
+		"description": "prior role2 description",
+	},
+}
+
+// SecondRoleInferenceImpliesRole1 is the first implied role of second prior role in the ListInferences request.
+var SecondRoleInferenceImpliesRole1 = roles.Role{
+	ID:   "872b20ad124c4c1bafaef2b1aae316ab",
+	Name: "implied role1 name",
+	Links: map[string]interface{}{
+		"self": "http://example.com/identity/v3/roles/872b20ad124c4c1bafaef2b1aae316ab",
+	},
+	Extra: map[string]interface{}{
+		"description": "implied role1 description",
+	},
+}
+
+// SecondRoleInferenceImpliesRole2 is the second implied role of second prior role in the ListInferences request.
+var SecondRoleInferenceImpliesRole2 = roles.Role{
+	ID:   "1d865b1b2da14cb7b05254677e5f36a2",
+	Name: "implied role2 name",
+	Links: map[string]interface{}{
+		"self": "http://example.com/identity/v3/roles/1d865b1b2da14cb7b05254677e5f36a2",
+	},
+	Extra: map[string]interface{}{
+		"description": "implied role2 description",
+	},
+}
+
+// ExpectedRoleInferencesSlice is the slice of role inferences expected to be returned from ListInferences.
+var ExpectedRoleInferencesSlice = []roles.RoleInference{
+	{
+		PriorRole: FirstRoleInferencePriorRole,
+		Implies: []roles.Role{
+			FirstRoleInferenceImpliesRole1,
+			FirstRoleInferenceImpliesRole2,
+		},
+	},
+	{
+		PriorRole: SecondRoleInferencePriorRole,
+		Implies: []roles.Role{
+			SecondRoleInferenceImpliesRole1,
+			SecondRoleInferenceImpliesRole2,
+		},
+	},
+}
+
+// ExpectedRoleInferencesOnRole is the role inferences expected to be returned from ListInferencesOnRole.
+var ExpectedRoleInferencesOnRole = roles.RoleInference{
+	PriorRole: FirstRoleInferencePriorRole,
+	Implies: []roles.Role{
+		FirstRoleInferenceImpliesRole1,
+		FirstRoleInferenceImpliesRole2,
+	},
+}
+
+// HandleListRoleInferencesSuccessfully creates an HTTP handler at `/role_inferences` on the
+// test handler mux that responds with a list of two role inferences.
+func HandleListRoleInferencesSuccessfully(t *testing.T) {
+	th.Mux.HandleFunc("/role_inferences", func(w http.ResponseWriter, r *http.Request) {
+		th.TestMethod(t, r, "GET")
+		th.TestHeader(t, r, "Accept", "application/json")
+		th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)
+
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintf(w, ListInferencesOutput)
+	})
+}
+
+// HandleListRoleInferencesOnRoleSuccessfully creates an HTTP handler at `/role/{role_id}/implies` on the
+// test handler mux that responds with a role inference.
+func HandleListRoleInferencesOnRoleSuccessfully(t *testing.T) {
+	th.Mux.HandleFunc("/roles/{role_id}/implies", func(w http.ResponseWriter, r *http.Request) {
+		th.TestMethod(t, r, "GET")
+		th.TestHeader(t, r, "Accept", "application/json")
+		th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)
+
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintf(w, ListInferencesOnRoleOutput)
+	})
+}

openstack/identity/v3/roles/testing/requests_test.go

@@ -342,3 +342,23 @@ func TestUnassign(t *testing.T) {
 	}).ExtractErr()
 	th.AssertNoErr(t, err)
 }
+
+func TestListInferences(t *testing.T) {
+	th.SetupHTTP()
+	defer th.TeardownHTTP()
+	HandleListRoleInferencesSuccessfully(t)
+
+	actual, err := roles.ListInferences(client.ServiceClient()).Extract()
+	th.AssertNoErr(t, err)
+	th.CheckDeepEquals(t, ExpectedRoleInferencesSlice, actual)
+}
+
+func TestListInferencesOnRole(t *testing.T) {
+	th.SetupHTTP()
+	defer th.TeardownHTTP()
+	HandleListRoleInferencesOnRoleSuccessfully(t)
+
+	actual, err := roles.ListInferencesOnRole(client.ServiceClient(), "{role_id}").Extract()
+	th.AssertNoErr(t, err)
+	th.CheckDeepEquals(t, ExpectedRoleInferencesOnRole, actual)
+}

openstack/identity/v3/roles/urls.go

@@ -37,3 +37,11 @@ func listAssignmentsOnResourceURL(client *gophercloud.ServiceClient, targetType,
 func assignURL(client *gophercloud.ServiceClient, targetType, targetID, actorType, actorID, roleID string) string {
 	return client.ServiceURL(targetType, targetID, actorType, actorID, rolePath, roleID)
 }
+
+func listInferencesOnRoleURL(client *gophercloud.ServiceClient, roleID string) string {
+	return client.ServiceURL(rolePath, roleID, "implies")
+}
+
+func listInferencesURL(client *gophercloud.ServiceClient) string {
+	return client.ServiceURL("role_inferences")
+}