From f9fdc296bc6f2c1f7d6196352b754a7617c4f2d2 Mon Sep 17 00:00:00 2001
From: Sean McGinnis <sean.mcginnis@gmail.com>
Date: Tue, 23 Oct 2018 15:37:38 -0500
Subject: [PATCH] Remove deprecated identity commands and args

The following were deprecated over two years ago and can now be
removed/changed:

* Remove ``service create`` option ``--type``
* Remove ``role list`` options ``--project`` and ``--user``
* Remove ``user role list`` command

These are backwards incompatible changes and will require a major
version bump after they are merged.

Change-Id: I29e2fc9516dffbfd83eef0bc91e834dde99b4105
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
---
 doc/source/cli/backwards-incompatible.rst     |  18 ++
 doc/source/cli/command-objects/role.rst       |  58 +----
 doc/source/cli/command-objects/user-role.rst  |  27 --
 openstackclient/identity/v2_0/role.py         | 148 +----------
 openstackclient/identity/v2_0/service.py      |  30 +--
 openstackclient/identity/v3/role.py           | 125 +---------
 .../tests/functional/identity/v2/test_role.py |  32 ---
 .../tests/functional/identity/v3/test_role.py |  41 ----
 .../tests/unit/identity/v2_0/test_role.py     | 133 +---------
 .../tests/unit/identity/v2_0/test_service.py  |  45 +---
 .../tests/unit/identity/v3/test_role.py       | 232 ------------------
 .../notes/osc4-identity-6564257c67d43106.yaml |  12 +
 setup.cfg                                     |   2 -
 13 files changed, 56 insertions(+), 847 deletions(-)
 delete mode 100644 doc/source/cli/command-objects/user-role.rst
 create mode 100644 releasenotes/notes/osc4-identity-6564257c67d43106.yaml

diff --git a/doc/source/cli/backwards-incompatible.rst b/doc/source/cli/backwards-incompatible.rst
index a86ce35977..51743cb2b2 100644
--- a/doc/source/cli/backwards-incompatible.rst
+++ b/doc/source/cli/backwards-incompatible.rst
@@ -31,6 +31,24 @@ Release 4.0
   * Removed in: 4.0
   * Commit: https://review.opendev.org/612781
 
+3. Remove ``service create`` option ``--type``.  Service type is
+   a positional argument.
+
+  * Removed in: 4.0
+  * Commit: https://review.opendev.org/612798
+
+4. Remove ``role list`` options ``--project`` and ``--user``.
+   Use ``role assignment list`` options ``--project`` and ``--user`` instead.
+
+  * Removed in: 4.0
+  * Commit: https://review.opendev.org/612798
+
+5. Remove ``user role list`` command.
+   Use ``role assignment list`` options ``--project`` and ``--user`` instead.
+
+  * Removed in: 4.0
+  * Commit: https://review.opendev.org/612798
+
 .. 1. Change ``volume transfer request accept`` to use new option ``--auth-key``
 ..    rather than a second positional argument.
 
diff --git a/doc/source/cli/command-objects/role.rst b/doc/source/cli/command-objects/role.rst
index 9819fd1231..e2a2b457a0 100644
--- a/doc/source/cli/command-objects/role.rst
+++ b/doc/source/cli/command-objects/role.rst
@@ -146,68 +146,12 @@ List roles
 .. code:: bash
 
     openstack role list
-        --domain <domain> | --project <project> [--project-domain <project-domain>]
-        --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
-        --inherited
+        [--domain <domain>]
 
 .. option:: --domain <domain>
 
     Filter roles by <domain> (name or ID)
 
-    (Deprecated if being used to list assignments in conjunction with the
-    ``--user <user>``, option, please use ``role assignment list`` instead)
-
-.. option:: --project <project>
-
-    Filter roles by <project> (name or ID)
-
-    (Deprecated, please use ``role assignment list`` instead)
-
-.. option:: --user <user>
-
-    Filter roles by <user> (name or ID)
-
-    (Deprecated, please use ``role assignment list`` instead)
-
-.. option:: --group <group>
-
-    Filter roles by <group> (name or ID)
-
-    (Deprecated, please use ``role assignment list`` instead)
-
-.. option:: --user-domain <user-domain>
-
-    Domain the user belongs to (name or ID).
-    This can be used in case collisions between user names exist.
-
-    (Deprecated, please use ``role assignment list`` instead)
-
-    .. versionadded:: 3
-
-.. option:: --group-domain <group-domain>
-
-    Domain the group belongs to (name or ID).
-    This can be used in case collisions between group names exist.
-
-    (Deprecated, please use ``role assignment list`` instead)
-
-    .. versionadded:: 3
-
-.. option:: --project-domain <project-domain>
-
-    Domain the project belongs to (name or ID).
-    This can be used in case collisions between project names exist.
-
-    (Deprecated, please use ``role assignment list`` instead)
-
-    .. versionadded:: 3
-
-.. option:: --inherited
-
-    Specifies if the role grant is inheritable to the sub projects.
-
-    (Deprecated, please use ``role assignment list`` instead)
-
     .. versionadded:: 3
 
 role remove
diff --git a/doc/source/cli/command-objects/user-role.rst b/doc/source/cli/command-objects/user-role.rst
deleted file mode 100644
index 4f443f3126..0000000000
--- a/doc/source/cli/command-objects/user-role.rst
+++ /dev/null
@@ -1,27 +0,0 @@
-=========
-user role
-=========
-
-Identity v2
-
-user role list
---------------
-
-List user-role assignments
-
-*Removed in version 3.*
-
-.. program:: user role list
-.. code:: bash
-
-    openstack user role list
-        [--project <project>]
-        [<user>]
-
-.. option:: --project <project>
-
-    Filter users by `<project>` (name or ID)
-
-.. describe:: <user>
-
-    User to list (name or ID)
diff --git a/openstackclient/identity/v2_0/role.py b/openstackclient/identity/v2_0/role.py
index e254e05fd8..e9fe50fa4a 100644
--- a/openstackclient/identity/v2_0/role.py
+++ b/openstackclient/identity/v2_0/role.py
@@ -148,155 +148,11 @@ class DeleteRole(command.Command):
 class ListRole(command.Lister):
     _description = _("List roles")
 
-    def get_parser(self, prog_name):
-        parser = super(ListRole, self).get_parser(prog_name)
-        parser.add_argument(
-            '--project',
-            metavar='<project>',
-            help=_('Filter roles by <project> (name or ID)'),
-        )
-        parser.add_argument(
-            '--user',
-            metavar='<user>',
-            help=_('Filter roles by <user> (name or ID)'),
-        )
-        return parser
-
-    def take_action(self, parsed_args):
-
-        def _deprecated():
-            # NOTE(henry-nash): Deprecated as of Newton, so we should remove
-            # this in the 'P' release.
-            self.log.warning(_('Listing assignments using role list is '
-                               'deprecated as of the Newton release. Use role '
-                               'assignment list --user <user-name> --project '
-                               '<project-name> --names instead.'))
-
-        identity_client = self.app.client_manager.identity
-        auth_ref = self.app.client_manager.auth_ref
-
-        # No user or project specified, list all roles in the system
-        if not parsed_args.user and not parsed_args.project:
-            columns = ('ID', 'Name')
-            data = identity_client.roles.list()
-        elif parsed_args.user and parsed_args.project:
-            user = utils.find_resource(
-                identity_client.users,
-                parsed_args.user,
-            )
-            project = utils.find_resource(
-                identity_client.projects,
-                parsed_args.project,
-            )
-            _deprecated()
-            data = identity_client.roles.roles_for_user(user.id, project.id)
-
-        elif parsed_args.user:
-            user = utils.find_resource(
-                identity_client.users,
-                parsed_args.user,
-            )
-            if self.app.client_manager.auth_ref:
-                project = utils.find_resource(
-                    identity_client.projects,
-                    auth_ref.project_id
-                )
-            else:
-                msg = _("Project must be specified")
-                raise exceptions.CommandError(msg)
-            _deprecated()
-            data = identity_client.roles.roles_for_user(user.id, project.id)
-        elif parsed_args.project:
-            project = utils.find_resource(
-                identity_client.projects,
-                parsed_args.project,
-            )
-            if self.app.client_manager.auth_ref:
-                user = utils.find_resource(
-                    identity_client.users,
-                    auth_ref.user_id
-                )
-            else:
-                msg = _("User must be specified")
-                raise exceptions.CommandError(msg)
-            _deprecated()
-            data = identity_client.roles.roles_for_user(user.id, project.id)
-
-        if parsed_args.user or parsed_args.project:
-            columns = ('ID', 'Name', 'Project', 'User')
-            for user_role in data:
-                user_role.user = user.name
-                user_role.project = project.name
-
-        return (columns,
-                (utils.get_item_properties(
-                    s, columns,
-                    formatters={},
-                ) for s in data))
-
-
-class ListUserRole(command.Lister):
-    _description = _("List user-role assignments")
-
-    def get_parser(self, prog_name):
-        parser = super(ListUserRole, self).get_parser(prog_name)
-        parser.add_argument(
-            'user',
-            metavar='<user>',
-            nargs='?',
-            help=_('User to list (name or ID)'),
-        )
-        parser.add_argument(
-            '--project',
-            metavar='<project>',
-            help=_('Filter users by <project> (name or ID)'),
-        )
-        return parser
-
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
-        auth_ref = self.app.client_manager.auth_ref
 
-        # Project and user are required, if not included in command args
-        # default to the values used for authentication.  For token-flow
-        # authentication they must be included on the command line.
-        if (not parsed_args.project and
-                self.app.client_manager.auth_ref.project_id):
-            parsed_args.project = auth_ref.project_id
-        if not parsed_args.project:
-            msg = _("Project must be specified")
-            raise exceptions.CommandError(msg)
-
-        if (not parsed_args.user and
-                self.app.client_manager.auth_ref.user_id):
-            parsed_args.user = auth_ref.user_id
-        if not parsed_args.user:
-            msg = _("User must be specified")
-            raise exceptions.CommandError(msg)
-
-        self.log.warning(_('Listing assignments using user role list is '
-                           'deprecated as of the Newton release. Use role '
-                           'assignment list --user <user-name> --project '
-                           '<project-name> --names instead.'))
-        project = utils.find_resource(
-            identity_client.tenants,
-            parsed_args.project,
-        )
-        user = utils.find_resource(identity_client.users, parsed_args.user)
-
-        data = identity_client.roles.roles_for_user(user.id, project.id)
-
-        columns = (
-            'ID',
-            'Name',
-            'Project',
-            'User',
-        )
-
-        # Add the names to the output even though they will be constant
-        for role in data:
-            role.user = user.name
-            role.project = project.name
+        columns = ('ID', 'Name')
+        data = identity_client.roles.list()
 
         return (columns,
                 (utils.get_item_properties(
diff --git a/openstackclient/identity/v2_0/service.py b/openstackclient/identity/v2_0/service.py
index 80f2d72a98..653de8eb47 100644
--- a/openstackclient/identity/v2_0/service.py
+++ b/openstackclient/identity/v2_0/service.py
@@ -15,7 +15,6 @@
 
 """Service action implementations"""
 
-import argparse
 import logging
 
 from osc_lib.command import command
@@ -36,17 +35,11 @@ class CreateService(command.ShowOne):
     def get_parser(self, prog_name):
         parser = super(CreateService, self).get_parser(prog_name)
         parser.add_argument(
-            'type_or_name',
+            'type',
             metavar='<type>',
             help=_('New service type (compute, image, identity, volume, etc)'),
         )
-        type_or_name_group = parser.add_mutually_exclusive_group()
-        type_or_name_group.add_argument(
-            '--type',
-            metavar='<type>',
-            help=argparse.SUPPRESS,
-        )
-        type_or_name_group.add_argument(
+        parser.add_argument(
             '--name',
             metavar='<name>',
             help=_('New service name'),
@@ -61,29 +54,14 @@ class CreateService(command.ShowOne):
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
 
-        type_or_name = parsed_args.type_or_name
         name = parsed_args.name
         type = parsed_args.type
 
-        # If only a single positional is present, it's a <type>.
-        # This is not currently legal so it is considered a new case.
-        if not type and not name:
-            type = type_or_name
-        # If --type option is present then positional is handled as <name>;
-        # display deprecation message.
-        elif type:
-            name = type_or_name
-            LOG.warning(_('The argument --type is deprecated, use service'
-                          ' create --name <service-name> type instead.'))
-        # If --name option is present the positional is handled as <type>.
-        # Making --type optional is new, but back-compatible
-        elif name:
-            type = type_or_name
-
         service = identity_client.services.create(
             name,
             type,
-            parsed_args.description)
+            parsed_args.description,
+        )
 
         info = {}
         info.update(service._info)
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 58a76f8a65..0eeddd37fb 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -266,131 +266,28 @@ class ListRole(command.Lister):
 
     def get_parser(self, prog_name):
         parser = super(ListRole, self).get_parser(prog_name)
-
-        # TODO(henry-nash): The use of the List Role command to list
-        # assignments (as well as roles) has been deprecated. In order
-        # to support domain specific roles, we are overriding the domain
-        # option to allow specification of the domain for the role. This does
-        # not conflict with any existing commands, since for the deprecated
-        # assignments listing you were never allowed to only specify a domain
-        # (you also needed to specify a user).
-        #
-        # Once we have removed the deprecated options entirely, we must
-        # replace the call to _add_identity_and_resource_options_to_parser()
-        # below with just adding the domain option into the parser.
-        _add_identity_and_resource_options_to_parser(parser)
+        parser.add_argument(
+            '--domain',
+            metavar='<domain>',
+            help=_('Include <domain> (name or ID)'),
+        )
         return parser
 
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
 
-        if parsed_args.user:
-            user = common.find_user(
-                identity_client,
-                parsed_args.user,
-                parsed_args.user_domain,
-            )
-        elif parsed_args.group:
-            group = common.find_group(
-                identity_client,
-                parsed_args.group,
-                parsed_args.group_domain,
-            )
-
         if parsed_args.domain:
             domain = common.find_domain(
                 identity_client,
                 parsed_args.domain,
             )
-        elif parsed_args.project:
-            project = common.find_project(
-                identity_client,
-                parsed_args.project,
-                parsed_args.project_domain,
-            )
-
-        # no user or group specified, list all roles in the system
-        if not parsed_args.user and not parsed_args.group:
-            if not parsed_args.domain:
-                columns = ('ID', 'Name')
-                data = identity_client.roles.list()
-            else:
-                columns = ('ID', 'Name', 'Domain')
-                data = identity_client.roles.list(domain_id=domain.id)
-                for role in data:
-                    role.domain = domain.name
-        elif parsed_args.user and parsed_args.domain:
-            columns = ('ID', 'Name', 'Domain', 'User')
-            data = identity_client.roles.list(
-                user=user,
-                domain=domain,
-                os_inherit_extension_inherited=parsed_args.inherited
-            )
-            for user_role in data:
-                user_role.user = user.name
-                user_role.domain = domain.name
-            self.log.warning(_('Listing assignments using role list is '
-                               'deprecated. Use role assignment list --user '
-                               '<user-name> --domain <domain-name> --names '
-                               'instead.'))
-        elif parsed_args.user and parsed_args.project:
-            columns = ('ID', 'Name', 'Project', 'User')
-            data = identity_client.roles.list(
-                user=user,
-                project=project,
-                os_inherit_extension_inherited=parsed_args.inherited
-            )
-            for user_role in data:
-                user_role.user = user.name
-                user_role.project = project.name
-            self.log.warning(_('Listing assignments using role list is '
-                               'deprecated. Use role assignment list --user '
-                               '<user-name> --project <project-name> --names '
-                               'instead.'))
-        elif parsed_args.user:
-            columns = ('ID', 'Name')
-            data = identity_client.roles.list(
-                user=user,
-                domain='default',
-                os_inherit_extension_inherited=parsed_args.inherited
-            )
-            self.log.warning(_('Listing assignments using role list is '
-                               'deprecated. Use role assignment list --user '
-                               '<user-name> --domain default --names '
-                               'instead.'))
-        elif parsed_args.group and parsed_args.domain:
-            columns = ('ID', 'Name', 'Domain', 'Group')
-            data = identity_client.roles.list(
-                group=group,
-                domain=domain,
-                os_inherit_extension_inherited=parsed_args.inherited
-            )
-            for group_role in data:
-                group_role.group = group.name
-                group_role.domain = domain.name
-            self.log.warning(_('Listing assignments using role list is '
-                               'deprecated. Use role assignment list --group '
-                               '<group-name> --domain <domain-name> --names '
-                               'instead.'))
-        elif parsed_args.group and parsed_args.project:
-            columns = ('ID', 'Name', 'Project', 'Group')
-            data = identity_client.roles.list(
-                group=group,
-                project=project,
-                os_inherit_extension_inherited=parsed_args.inherited
-            )
-            for group_role in data:
-                group_role.group = group.name
-                group_role.project = project.name
-            self.log.warning(_('Listing assignments using role list is '
-                               'deprecated. Use role assignment list --group '
-                               '<group-name> --project <project-name> --names '
-                               'instead.'))
+            columns = ('ID', 'Name', 'Domain')
+            data = identity_client.roles.list(domain_id=domain.id)
+            for role in data:
+                role.domain = domain.name
         else:
-            msg = _("Error: If a user or group is specified, "
-                    "either --domain or --project must also be "
-                    "specified to list role grants.")
-            raise exceptions.CommandError(msg)
+            columns = ('ID', 'Name')
+            data = identity_client.roles.list()
 
         return (columns,
                 (utils.get_item_properties(
diff --git a/openstackclient/tests/functional/identity/v2/test_role.py b/openstackclient/tests/functional/identity/v2/test_role.py
index 82e19aaba9..124603d8b6 100644
--- a/openstackclient/tests/functional/identity/v2/test_role.py
+++ b/openstackclient/tests/functional/identity/v2/test_role.py
@@ -29,38 +29,6 @@ class RoleTests(common.IdentityTests):
         items = self.parse_listing(raw_output)
         self.assert_table_structure(items, common.BASIC_LIST_HEADERS)
 
-    def test_role_list_with_user_project(self):
-        project_name = self._create_dummy_project()
-        role_name = self._create_dummy_role()
-        username = self._create_dummy_user()
-        raw_output = self.openstack(
-            'role add '
-            '--project %(project)s '
-            '--user %(user)s '
-            '%(role)s' % {'project': project_name,
-                          'user': username,
-                          'role': role_name})
-        self.addCleanup(
-            self.openstack,
-            'role remove '
-            '--project %(project)s '
-            '--user %(user)s '
-            '%(role)s' % {'project': project_name,
-                          'user': username,
-                          'role': role_name})
-        items = self.parse_show(raw_output)
-        self.assert_show_fields(items, self.ROLE_FIELDS)
-
-        raw_output = self.openstack(
-            'role list '
-            '--project %(project)s '
-            '--user %(user)s '
-            '' % {'project': project_name,
-                  'user': username})
-        items = self.parse_listing(raw_output)
-        self.assert_table_structure(items, common.BASIC_LIST_HEADERS)
-        self.assertEqual(1, len(items))
-
     def test_role_show(self):
         role_name = self._create_dummy_role()
         raw_output = self.openstack('role show %s' % role_name)
diff --git a/openstackclient/tests/functional/identity/v3/test_role.py b/openstackclient/tests/functional/identity/v3/test_role.py
index fb9e061424..38bfff7187 100644
--- a/openstackclient/tests/functional/identity/v3/test_role.py
+++ b/openstackclient/tests/functional/identity/v3/test_role.py
@@ -31,47 +31,6 @@ class RoleTests(common.IdentityTests):
         items = self.parse_listing(raw_output)
         self.assert_table_structure(items, common.BASIC_LIST_HEADERS)
 
-    def test_role_list_with_user_project(self):
-        role_name = self._create_dummy_role()
-        username = self._create_dummy_user()
-        raw_output = self.openstack(
-            'role add '
-            '--project %(project)s '
-            '--project-domain %(project_domain)s '
-            '--user %(user)s '
-            '--user-domain %(user_domain)s '
-            '%(role)s' % {'project': self.project_name,
-                          'project_domain': self.domain_name,
-                          'user': username,
-                          'user_domain': self.domain_name,
-                          'role': role_name})
-        self.addCleanup(
-            self.openstack,
-            'role remove '
-            '--project %(project)s '
-            '--project-domain %(project_domain)s '
-            '--user %(user)s '
-            '--user-domain %(user_domain)s '
-            '%(role)s' % {'project': self.project_name,
-                          'project_domain': self.domain_name,
-                          'user': username,
-                          'user_domain': self.domain_name,
-                          'role': role_name})
-        self.assertEqual(0, len(raw_output))
-        raw_output = self.openstack(
-            'role list '
-            '--project %(project)s '
-            '--project-domain %(project_domain)s '
-            '--user %(user)s '
-            '--user-domain %(user_domain)s '
-            '' % {'project': self.project_name,
-                  'project_domain': self.domain_name,
-                  'user': username,
-                  'user_domain': self.domain_name})
-        items = self.parse_listing(raw_output)
-        self.assert_table_structure(items, common.BASIC_LIST_HEADERS)
-        self.assertEqual(1, len(items))
-
     def test_role_show(self):
         role_name = self._create_dummy_role()
         raw_output = self.openstack('role show %s' % role_name)
diff --git a/openstackclient/tests/unit/identity/v2_0/test_role.py b/openstackclient/tests/unit/identity/v2_0/test_role.py
index 684ce803a2..643d77f600 100644
--- a/openstackclient/tests/unit/identity/v2_0/test_role.py
+++ b/openstackclient/tests/unit/identity/v2_0/test_role.py
@@ -278,7 +278,7 @@ class TestRoleList(TestRole):
         # Get the command object to test
         self.cmd = role.ListRole(self.app, None)
 
-    def test_role_list_no_options(self):
+    def test_role_list(self):
         arglist = []
         verifylist = []
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -299,137 +299,6 @@ class TestRoleList(TestRole):
         self.assertEqual(datalist, tuple(data))
 
 
-class TestUserRoleList(TestRole):
-
-    columns = (
-        'ID',
-        'Name',
-        'Project',
-        'User'
-    )
-
-    def setUp(self):
-        super(TestUserRoleList, self).setUp()
-
-        self.projects_mock.get.return_value = self.fake_project
-
-        self.users_mock.get.return_value = self.fake_user
-
-        self.roles_mock.roles_for_user.return_value = [self.fake_role]
-
-        # Get the command object to test
-        self.cmd = role.ListUserRole(self.app, None)
-
-    def test_user_role_list_no_options_unscoped_token(self):
-        auth_ref = identity_fakes.fake_auth_ref(
-            identity_fakes.UNSCOPED_TOKEN,
-            fake_service=self.fake_service,
-        )
-        self.ar_mock = mock.PropertyMock(return_value=auth_ref)
-        type(self.app.client_manager).auth_ref = self.ar_mock
-
-        arglist = []
-        verifylist = []
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # This argument combination should raise a CommandError
-        self.assertRaises(
-            exceptions.CommandError,
-            self.cmd.take_action,
-            parsed_args,
-        )
-
-    def test_user_role_list_no_options_scoped_token(self):
-        arglist = []
-        verifylist = []
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        self.roles_mock.roles_for_user.assert_called_with(
-            self.fake_user.id,
-            self.fake_project.id,
-        )
-
-        collist = ('ID', 'Name', 'Project', 'User')
-        self.assertEqual(collist, columns)
-        datalist = ((
-            self.fake_role.id,
-            self.fake_role.name,
-            self.fake_project.name,
-            self.fake_user.name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
-    def test_user_role_list_project_unscoped_token(self):
-        auth_ref = identity_fakes.fake_auth_ref(
-            identity_fakes.UNSCOPED_TOKEN,
-            fake_service=self.fake_service,
-        )
-        self.ar_mock = mock.PropertyMock(return_value=auth_ref)
-        type(self.app.client_manager).auth_ref = self.ar_mock
-
-        self.projects_mock.get.return_value = self.fake_project
-        arglist = [
-            '--project', self.fake_project.name,
-        ]
-        verifylist = [
-            ('project', self.fake_project.name),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        self.roles_mock.roles_for_user.assert_called_with(
-            self.fake_user.id,
-            self.fake_project.id,
-        )
-
-        self.assertEqual(columns, columns)
-        datalist = ((
-            self.fake_role.id,
-            self.fake_role.name,
-            self.fake_project.name,
-            self.fake_user.name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
-    def test_user_role_list_project_scoped_token(self):
-        self.projects_mock.get.return_value = self.fake_project
-        arglist = [
-            '--project', self.fake_project.name,
-        ]
-        verifylist = [
-            ('project', self.fake_project.name),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        self.roles_mock.roles_for_user.assert_called_with(
-            self.fake_user.id,
-            self.fake_project.id,
-        )
-
-        self.assertEqual(columns, columns)
-        datalist = ((
-            self.fake_role.id,
-            self.fake_role.name,
-            self.fake_project.name,
-            self.fake_user.name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
-
 class TestRoleRemove(TestRole):
 
     def setUp(self):
diff --git a/openstackclient/tests/unit/identity/v2_0/test_service.py b/openstackclient/tests/unit/identity/v2_0/test_service.py
index 1948bf4ab0..6c4374eff3 100644
--- a/openstackclient/tests/unit/identity/v2_0/test_service.py
+++ b/openstackclient/tests/unit/identity/v2_0/test_service.py
@@ -55,43 +55,14 @@ class TestServiceCreate(TestService):
         # Get the command object to test
         self.cmd = service.CreateService(self.app, None)
 
-    def test_service_create_with_type_positional(self):
+    def test_service_create(self):
         arglist = [
             self.fake_service_c.type,
         ]
         verifylist = [
-            ('type_or_name', self.fake_service_c.type),
-            ('type', None),
-            ('description', None),
-            ('name', None),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class ShowOne in cliff, abstract method take_action()
-        # returns a two-part tuple with a tuple of column names and a tuple of
-        # data to be shown.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # ServiceManager.create(name, service_type, description)
-        self.services_mock.create.assert_called_with(
-            None,
-            self.fake_service_c.type,
-            None,
-        )
-
-        self.assertEqual(self.columns, columns)
-        self.assertEqual(self.datalist, data)
-
-    def test_service_create_with_type_option(self):
-        arglist = [
-            '--type', self.fake_service_c.type,
-            self.fake_service_c.name,
-        ]
-        verifylist = [
-            ('type_or_name', self.fake_service_c.name),
             ('type', self.fake_service_c.type),
-            ('description', None),
             ('name', None),
+            ('description', None),
         ]
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 
@@ -102,7 +73,7 @@ class TestServiceCreate(TestService):
 
         # ServiceManager.create(name, service_type, description)
         self.services_mock.create.assert_called_with(
-            self.fake_service_c.name,
+            None,
             self.fake_service_c.type,
             None,
         )
@@ -116,10 +87,9 @@ class TestServiceCreate(TestService):
             self.fake_service_c.type,
         ]
         verifylist = [
-            ('type_or_name', self.fake_service_c.type),
-            ('type', None),
-            ('description', None),
+            ('type', self.fake_service_c.type),
             ('name', self.fake_service_c.name),
+            ('description', None),
         ]
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 
@@ -145,10 +115,9 @@ class TestServiceCreate(TestService):
             self.fake_service_c.type,
         ]
         verifylist = [
-            ('type_or_name', self.fake_service_c.type),
-            ('type', None),
-            ('description', self.fake_service_c.description),
+            ('type', self.fake_service_c.type),
             ('name', self.fake_service_c.name),
+            ('description', self.fake_service_c.description),
         ]
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 
diff --git a/openstackclient/tests/unit/identity/v3/test_role.py b/openstackclient/tests/unit/identity/v3/test_role.py
index 281d530c7e..99f3a2de74 100644
--- a/openstackclient/tests/unit/identity/v3/test_role.py
+++ b/openstackclient/tests/unit/identity/v3/test_role.py
@@ -508,21 +508,6 @@ class TestRoleList(TestRole):
             copy.deepcopy(identity_fakes.DOMAIN),
             loaded=True,
         )
-        self.projects_mock.get.return_value = fakes.FakeResource(
-            None,
-            copy.deepcopy(identity_fakes.PROJECT),
-            loaded=True,
-        )
-        self.users_mock.get.return_value = fakes.FakeResource(
-            None,
-            copy.deepcopy(identity_fakes.USER),
-            loaded=True,
-        )
-        self.groups_mock.get.return_value = fakes.FakeResource(
-            None,
-            copy.deepcopy(identity_fakes.GROUP),
-            loaded=True,
-        )
 
         # Get the command object to test
         self.cmd = role.ListRole(self.app, None)
@@ -542,212 +527,6 @@ class TestRoleList(TestRole):
         self.assertEqual(self.columns, columns)
         self.assertEqual(self.datalist, tuple(data))
 
-    def test_user_list_inherited(self):
-        arglist = [
-            '--user', identity_fakes.user_id,
-            '--inherited',
-        ]
-        verifylist = [
-            ('user', identity_fakes.user_id),
-            ('inherited', True),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # Set expected values
-        kwargs = {
-            'domain': 'default',
-            'user': self.users_mock.get(),
-            'os_inherit_extension_inherited': True,
-        }
-        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
-        self.roles_mock.list.assert_called_with(
-            **kwargs
-        )
-
-        self.assertEqual(self.columns, columns)
-        self.assertEqual(self.datalist, tuple(data))
-
-    def test_user_list_user(self):
-        arglist = [
-            '--user', identity_fakes.user_id,
-        ]
-        verifylist = [
-            ('user', identity_fakes.user_id),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # Set expected values
-        kwargs = {
-            'domain': 'default',
-            'user': self.users_mock.get(),
-            'os_inherit_extension_inherited': False
-        }
-        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
-        self.roles_mock.list.assert_called_with(
-            **kwargs
-        )
-
-        self.assertEqual(self.columns, columns)
-        self.assertEqual(self.datalist, tuple(data))
-
-    def test_role_list_domain_user(self):
-        arglist = [
-            '--domain', identity_fakes.domain_name,
-            '--user', identity_fakes.user_id,
-        ]
-        verifylist = [
-            ('domain', identity_fakes.domain_name),
-            ('user', identity_fakes.user_id),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # Set expected values
-        kwargs = {
-            'domain': self.domains_mock.get(),
-            'user': self.users_mock.get(),
-            'os_inherit_extension_inherited': False
-        }
-        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
-        self.roles_mock.list.assert_called_with(
-            **kwargs
-        )
-
-        collist = ('ID', 'Name', 'Domain', 'User')
-        self.assertEqual(collist, columns)
-        datalist = ((
-            identity_fakes.role_id,
-            identity_fakes.role_name,
-            identity_fakes.domain_name,
-            identity_fakes.user_name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
-    def test_role_list_domain_group(self):
-        arglist = [
-            '--domain', identity_fakes.domain_name,
-            '--group', identity_fakes.group_id,
-        ]
-        verifylist = [
-            ('domain', identity_fakes.domain_name),
-            ('group', identity_fakes.group_id),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # Set expected values
-        kwargs = {
-            'domain': self.domains_mock.get(),
-            'group': self.groups_mock.get(),
-            'os_inherit_extension_inherited': False
-        }
-        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
-        self.roles_mock.list.assert_called_with(
-            **kwargs
-        )
-
-        collist = ('ID', 'Name', 'Domain', 'Group')
-        self.assertEqual(collist, columns)
-        datalist = ((
-            identity_fakes.role_id,
-            identity_fakes.role_name,
-            identity_fakes.domain_name,
-            identity_fakes.group_name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
-    def test_role_list_project_user(self):
-        arglist = [
-            '--project', identity_fakes.project_name,
-            '--user', identity_fakes.user_id,
-        ]
-        verifylist = [
-            ('project', identity_fakes.project_name),
-            ('user', identity_fakes.user_id),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # Set expected values
-        kwargs = {
-            'project': self.projects_mock.get(),
-            'user': self.users_mock.get(),
-            'os_inherit_extension_inherited': False
-        }
-        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
-        self.roles_mock.list.assert_called_with(
-            **kwargs
-        )
-
-        collist = ('ID', 'Name', 'Project', 'User')
-        self.assertEqual(collist, columns)
-        datalist = ((
-            identity_fakes.role_id,
-            identity_fakes.role_name,
-            identity_fakes.project_name,
-            identity_fakes.user_name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
-    def test_role_list_project_group(self):
-        arglist = [
-            '--project', identity_fakes.project_name,
-            '--group', identity_fakes.group_id,
-        ]
-        verifylist = [
-            ('project', identity_fakes.project_name),
-            ('group', identity_fakes.group_id),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-
-        # In base command class Lister in cliff, abstract method take_action()
-        # returns a tuple containing the column names and an iterable
-        # containing the data to be listed.
-        columns, data = self.cmd.take_action(parsed_args)
-
-        # Set expected values
-        kwargs = {
-            'project': self.projects_mock.get(),
-            'group': self.groups_mock.get(),
-            'os_inherit_extension_inherited': False
-        }
-        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
-        self.roles_mock.list.assert_called_with(
-            **kwargs
-        )
-
-        collist = ('ID', 'Name', 'Project', 'Group')
-        self.assertEqual(collist, columns)
-        datalist = ((
-            identity_fakes.role_id,
-            identity_fakes.role_name,
-            identity_fakes.project_name,
-            identity_fakes.group_name,
-        ), )
-        self.assertEqual(datalist, tuple(data))
-
     def test_role_list_domain_role(self):
         self.roles_mock.list.return_value = [
             fakes.FakeResource(
@@ -787,17 +566,6 @@ class TestRoleList(TestRole):
         ), )
         self.assertEqual(datalist, tuple(data))
 
-    def test_role_list_group_with_error(self):
-        arglist = [
-            '--group', identity_fakes.group_id,
-        ]
-        verifylist = [
-            ('group', identity_fakes.group_id),
-        ]
-        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
-        self.assertRaises(exceptions.CommandError,
-                          self.cmd.take_action, parsed_args)
-
 
 class TestRoleRemove(TestRole):
 
diff --git a/releasenotes/notes/osc4-identity-6564257c67d43106.yaml b/releasenotes/notes/osc4-identity-6564257c67d43106.yaml
new file mode 100644
index 0000000000..a5105c801c
--- /dev/null
+++ b/releasenotes/notes/osc4-identity-6564257c67d43106.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    Remove deprecated ``role list`` options ``--project`` and ``--user``.
+    Use ``role assignment list`` options ``--project`` and ``--user`` instead.
+  - |
+    Remove deprecated ``user role list`` command.
+    Use ``role assignment list`` options ``--project`` and ``--user`` instead.
+  - |
+    Remove deprecated ``service create`` option ``--type``.  
+    The type is supplied as a positional argument in The
+    ``service create --name <service-name> type`` command.
diff --git a/setup.cfg b/setup.cfg
index 031776a99d..cc57a1037a 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -192,8 +192,6 @@ openstack.identity.v2 =
     user_set = openstackclient.identity.v2_0.user:SetUser
     user_show = openstackclient.identity.v2_0.user:ShowUser
 
-    user_role_list = openstackclient.identity.v2_0.role:ListUserRole
-
 openstack.identity.v3 =
     access_token_create = openstackclient.identity.v3.token:CreateAccessToken