openstack
diff --git a/‎doc/source/cli/command-objects/implied_role.rst‎
Lines changed: 57 additions & 0 deletions b/‎doc/source/cli/command-objects/implied_role.rst‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎openstackclient/identity/v3/implied_role.py‎
Lines changed: 129 additions & 0 deletions b/‎openstackclient/identity/v3/implied_role.py‎
Lines changed: 129 additions & 0 deletions
diff --git a/‎openstackclient/tests/unit/identity/v3/fakes.py‎
Lines changed: 24 additions & 0 deletions b/‎openstackclient/tests/unit/identity/v3/fakes.py‎
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,57 @@
+============
+implied role
+============
+
+Identity v3
+
+
+implied role create
+-------------------
+
+Creates an association between prior and implied roles
+
+.. program:: implied role create
+.. code:: bash
+
+    openstack implied role create
+        <role>
+        --implied-role <role>
+
+.. option:: <role>
+
+    Prior role <role> (name or ID) implies another role
+
+.. option:: --implied-role <role>
+
+    <role> (name or ID) implied by another role
+
+
+implied role delete
+-------------------
+
+Deletes an association between prior and implied roles
+
+.. program:: implied role delete
+.. code:: bash
+
+    openstack implied role delete
+        <role>
+        --implied-role <role>
+
+.. option:: <role>
+
+    Prior role <role> (name or ID) implies another role
+
+.. option:: --implied-role <role>
+
+    <role> (name or ID) implied by another role
+
+implied role list
+-----------------
+
+List implied roles
+
+.. program:: implied role list
+.. code:: bash
+
+    openstack implied role list
@@ -0,0 +1,129 @@
+#   Copyright 2012-2013 OpenStack Foundation
+#
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
+#
+
+"""Identity v3 Implied Role action implementations"""
+
+import logging
+
+from osc_lib.command import command
+import six
+
+from openstackclient.i18n import _
+
+
+LOG = logging.getLogger(__name__)
+
+
+def _get_role_ids(identity_client, parsed_args):
+    """Return prior and implied role id(s)
+
+    If prior and implied role id(s) are retrievable from identity
+    client, return tuple containing them.
+    """
+    role_id = None
+    implied_role_id = None
+
+    roles = identity_client.roles.list()
+
+    for role in roles:
+        role_id_or_name = (role.name, role.id)
+
+        if parsed_args.role in role_id_or_name:
+            role_id = role.id
+        elif parsed_args.implied_role in role_id_or_name:
+            implied_role_id = role.id
+
+    return (role_id, implied_role_id)
+
+
+class CreateImpliedRole(command.ShowOne):
+
+    _description = _("Creates an association between prior and implied roles")
+
+    def get_parser(self, prog_name):
+        parser = super(CreateImpliedRole, self).get_parser(prog_name)
+        parser.add_argument(
+            'role',
+            metavar='<role>',
+            help=_('Role (name or ID) that implies another role'),
+        )
+        parser.add_argument(
+            '--implied-role',
+            metavar='<role>',
+            help='<role> (name or ID) implied by another role',
+            required=True,
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        identity_client = self.app.client_manager.identity
+        (prior_role_id, implied_role_id) = _get_role_ids(
+            identity_client, parsed_args)
+        response = identity_client.roles.create_implied(
+            prior_role_id, implied_role_id)
+        response._info.pop('links', None)
+        return zip(*sorted([(k, v['id'])
+                            for k, v in six.iteritems(response._info)]))
+
+
+class DeleteImpliedRole(command.Command):
+
+    _description = _("Deletes an association between prior and implied roles")
+
+    def get_parser(self, prog_name):
+        parser = super(DeleteImpliedRole, self).get_parser(prog_name)
+        parser.add_argument(
+            'role',
+            metavar='<role>',
+            help=_('Role (name or ID) that implies another role'),
+        )
+        parser.add_argument(
+            '--implied-role',
+            metavar='<role>',
+            help='<role> (name or ID) implied by another role',
+            required=True,
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        identity_client = self.app.client_manager.identity
+        (prior_role_id, implied_role_id) = _get_role_ids(
+            identity_client, parsed_args)
+        identity_client.roles.delete_implied(
+            prior_role_id, implied_role_id)
+
+
+class ListImpliedRole(command.Lister):
+
+    _description = _("List implied roles")
+    _COLUMNS = ['Prior Role ID', 'Prior Role Name',
+                'Implied Role ID', 'Implied Role Name']
+
+    def get_parser(self, prog_name):
+        parser = super(ListImpliedRole, self).get_parser(prog_name)
+        return parser
+
+    def take_action(self, parsed_args):
+        def _list_implied(response):
+            for rule in response:
+                for implies in rule.implies:
+                    yield (rule.prior_role['id'],
+                           rule.prior_role['name'],
+                           implies['id'],
+                           implies['name'])
+
+        identity_client = self.app.client_manager.identity
+        response = identity_client.roles.list_inference_roles()
+        return (self._COLUMNS, _list_implied(response))
@@ -184,6 +184,8 @@
     'links': base_url + 'roles/' + 'r2',
 }
 
+ROLES = [ROLE, ROLE_2]
+
 service_id = 's-123'
 service_name = 'Texaco'
 service_type = 'gas'
@@ -968,3 +970,25 @@ def create_one_role_assignment(attrs=None):
             info=copy.deepcopy(role_assignment_info), loaded=True)
 
         return role_assignment
+
+
+class FakeImpliedRoleResponse(object):
+    """Fake one or more role assignment."""
+    def __init__(self, prior_role, implied_roles):
+        self.prior_role = prior_role
+        self.implies = [role for role in implied_roles]
+
+    @staticmethod
+    def create_list():
+        """Create a fake implied role list response.
+
+        :return:
+            A list of FakeImpliedRoleResponse objects
+        """
+
+        # set default attributes.
+        implied_roles = [
+            FakeImpliedRoleResponse(ROLES[0], [ROLES[1]])
+        ]
+
+        return implied_roles