diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py index 04a417c43c..973c6224e3 100644 --- a/heat/common/heat_keystoneclient.py +++ b/heat/common/heat_keystoneclient.py @@ -554,6 +554,10 @@ class KeystoneClientV3(object): def auth_token(self): return self.context.auth_plugin.get_token(self.session) + @property + def auth_ref(self): + return self.context.auth_plugin.get_access(self.session) + class KeystoneClient(object): """Keystone Auth Client. diff --git a/heat/engine/stack.py b/heat/engine/stack.py index 738b4d736c..be19afe4bf 100644 --- a/heat/engine/stack.py +++ b/heat/engine/stack.py @@ -191,6 +191,8 @@ class Stack(collections.Mapping): if use_stored_context: self.context = self.stored_context() + self.context.roles = self.context.clients.client( + 'keystone').auth_ref.role_names self.clients = self.context.clients diff --git a/heat/tests/fakes.py b/heat/tests/fakes.py index 15c9e7d244..60bb4c6c55 100644 --- a/heat/tests/fakes.py +++ b/heat/tests/fakes.py @@ -94,7 +94,7 @@ class FakeKeystoneClient(object): def __init__(self, username='test_username', password='password', user_id='1234', access='4567', secret='8901', credential_id='abcdxyz', auth_token='abcd1234', - context=None, stack_domain_id='4321'): + context=None, stack_domain_id='4321', roles=None): self.username = username self.password = password self.user_id = user_id @@ -106,6 +106,7 @@ class FakeKeystoneClient(object): self.context = context self.v3_endpoint = 'http://localhost:5000/v3' self.stack_domain_id = stack_domain_id + self.roles = roles or [] class FakeCred(object): id = self.credential_id @@ -191,6 +192,19 @@ class FakeKeystoneClient(object): else: return self.token + @property + def auth_ref(self): + return FakeAccessInfo(roles=self.roles) + + +class FakeAccessInfo(object): + def __init__(self, roles): + self.roles = roles + + @property + def role_names(self): + return self.roles + class FakeEventSink(object):